| FAIL |
low |
accessanalyzer |
ap-northeast-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ap-northeast-2 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ap-northeast-3 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ap-south-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ap-southeast-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ap-southeast-2 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
ca-central-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
eu-central-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
eu-north-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
eu-west-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
eu-west-2 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
eu-west-3 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
sa-east-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
us-east-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
us-east-2 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
us-west-1 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| FAIL |
low |
accessanalyzer |
us-west-2 |
Check if IAM Access Analyzer is enabled without findings |
207592916039 |
Check if IAM Access Analyzer is enabled without findings |
accessanalyzer_enabled_without_findings |
IAM Access Analyzer is not enabled |
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy. |
Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost). |
|
| INFO |
medium |
account |
ap-south-1 |
Maintain current contact details. |
207592916039 |
Maintain current contact details. |
account_maintain_current_contact_details |
Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information. |
Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question. |
Using the Billing and Cost Management console complete contact details. |
|
| INFO |
medium |
account |
ap-south-1 |
Ensure security contact information is registered. |
207592916039 |
Ensure security contact information is registered. |
account_security_contact_information_is_registered |
Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section. |
AWS provides customers with the option of specifying the contact information for accounts security team. It is recommended that this information be provided. Specifying security-specific contact information will help ensure that security advisories sent by AWS reach the team in your organization that is best equipped to respond to them. |
Go to the My Account section and complete alternate contacts. |
|
| INFO |
medium |
account |
ap-south-1 |
Ensure security questions are registered in the AWS account. |
207592916039 |
Ensure security questions are registered in the AWS account. |
account_security_questions_are_registered_in_the_aws_account |
Manual check: Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions. |
The AWS support portal allows account owners to establish security questions that can be used to authenticate individuals calling AWS customer service for support. It is recommended that security questions be established. When creating a new AWS account a default super user is automatically created. This account is referred to as the root account. It is recommended that the use of this account be limited and highly controlled. During events in which the root password is no longer accessible or the MFA token associated with root is lost/destroyed it is possible through authentication using secret questions and associated answers to recover root login access. |
Login as root account and from My Account configure Security questions. |
|
| FAIL |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
*.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for *.fugoone.com is about to expire in 7 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| FAIL |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
*.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for *.fugoone.com is about to expire in 7 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
demoaudit.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for demoaudit.fugoone.com expires in 17 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
stagingknowfugo.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for stagingknowfugo.fugoone.com expires in 85 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
fltitle.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for fltitle.fugoone.com expires in 92 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
demo.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for demo.fugoone.com expires in 105 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
newexample.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for newexample.fugoone.com expires in 107 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
example.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for example.fugoone.com expires in 107 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
title.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for title.fugoone.com expires in 178 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
vapt1.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for vapt1.fugoone.com expires in 183 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
*.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for *.fugoone.com expires in 192 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
api.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for api.fugoone.com expires in 196 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for fugoone.com expires in 269 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
dr.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for dr.fugoone.com expires in 287 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
knowfugo.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for knowfugo.fugoone.com expires in 328 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
staging.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for staging.fugoone.com expires in 328 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
high |
acm |
ap-south-1 |
Check if ACM Certificates are about to expire in specific days or less |
test.fugoone.com |
Check if ACM Certificates are about to expire in specific days or less |
acm_certificates_expiration_check |
ACM Certificate for test.fugoone.com expires in 356 days. |
Expired certificates can impact service availability. |
Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
*.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
*.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
demoaudit.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for demoaudit.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
stagingknowfugo.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for stagingknowfugo.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
fltitle.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for fltitle.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
demo.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for demo.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
newexample.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for newexample.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
example.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for example.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
title.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for title.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
vapt1.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for vapt1.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
*.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
api.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for api.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
dr.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for dr.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
knowfugo.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for knowfugo.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
staging.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for staging.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
medium |
acm |
ap-south-1 |
Check if ACM certificates have Certificate Transparency logging enabled |
test.fugoone.com |
Check if ACM certificates have Certificate Transparency logging enabled |
acm_certificates_transparency_logs_enabled |
ACM Certificate for test.fugoone.com has Certificate Transparency logging enabled. |
Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
critical |
autoscaling |
ap-south-1 |
Find secrets in EC2 Auto Scaling Launch Configuration |
FUGO-PRODUCTION-APP |
Find secrets in EC2 Auto Scaling Launch Configuration |
autoscaling_find_secrets_ec2_launch_configuration |
No secrets found in autoscaling FUGO-PRODUCTION-APP since User Data is empty. |
The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question. |
Do not include sensitive information in user data within the launch configuration, try to use Secrets Manager instead. |
|
| FAIL |
low |
lambda |
ap-south-1 |
Check if Lambda functions invoke API operations are being recorded by CloudTrail. |
DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Check if Lambda functions invoke API operations are being recorded by CloudTrail. |
awslambda_function_invoke_api_operations_cloudtrail_logging_enabled |
Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE is not recorded by CloudTrail |
If logs are not enabled; monitoring of service use and threat analysis is not possible. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| FAIL |
low |
lambda |
us-west-2 |
Check if Lambda functions invoke API operations are being recorded by CloudTrail. |
Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Check if Lambda functions invoke API operations are being recorded by CloudTrail. |
awslambda_function_invoke_api_operations_cloudtrail_logging_enabled |
Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 is not recorded by CloudTrail |
If logs are not enabled; monitoring of service use and threat analysis is not possible. |
Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail. |
|
| PASS |
critical |
lambda |
ap-south-1 |
Find secrets in Lambda functions code. |
DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Find secrets in Lambda functions code. |
awslambda_function_no_secrets_in_code |
No secrets found in Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE code |
The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question. |
Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables. |
|
| PASS |
critical |
lambda |
us-west-2 |
Find secrets in Lambda functions code. |
Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Find secrets in Lambda functions code. |
awslambda_function_no_secrets_in_code |
No secrets found in Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 code |
The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question. |
Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables. |
|
| PASS |
critical |
lambda |
ap-south-1 |
Find secrets in Lambda functions variables. |
DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Find secrets in Lambda functions variables. |
awslambda_function_no_secrets_in_variables |
No secrets found in Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE variables |
The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question. |
Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables. |
|
| PASS |
critical |
lambda |
us-west-2 |
Find secrets in Lambda functions variables. |
Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Find secrets in Lambda functions variables. |
awslambda_function_no_secrets_in_variables |
No secrets found in Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 variables |
The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question. |
Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables. |
|
| PASS |
critical |
lambda |
ap-south-1 |
heck if Lambda functions have resource-based policy set as Public. |
DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Check if Lambda functions have resource-based policy set as Public. |
awslambda_function_not_publicly_accessible |
Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE has a policy resource-based policy not public |
Publicly accessible services could expose sensitive data to bad actors. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
critical |
lambda |
us-west-2 |
heck if Lambda functions have resource-based policy set as Public. |
Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Check if Lambda functions have resource-based policy set as Public. |
awslambda_function_not_publicly_accessible |
Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 has a policy resource-based policy not public |
Publicly accessible services could expose sensitive data to bad actors. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
medium |
lambda |
ap-south-1 |
Find obsolete Lambda runtimes. |
DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Find obsolete Lambda runtimes. |
awslambda_function_using_supported_runtimes |
Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE is using nodejs12.x which is supported |
If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support. |
Test new runtimes as they are made available. Implement them in production as soon as possible. |
|
| PASS |
medium |
lambda |
us-west-2 |
Find obsolete Lambda runtimes. |
Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Find obsolete Lambda runtimes. |
awslambda_function_using_supported_runtimes |
Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 is using python3.7 which is supported |
If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support. |
Test new runtimes as they are made available. Implement them in production as soon as possible. |
|
| PASS |
critical |
cloudformation |
ap-south-1 |
Find secrets in CloudFormation outputs |
DeepSecuritySetup-e8cff1317 |
Find secrets in CloudFormation outputs |
cloudformation_outputs_find_secrets |
No secrets found in Stack DeepSecuritySetup-e8cff1317 Outputs. |
Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
cloudformation |
ap-south-1 |
Find secrets in CloudFormation outputs |
DeepSecuritySetup-357d0739a |
Find secrets in CloudFormation outputs |
cloudformation_outputs_find_secrets |
No secrets found in Stack DeepSecuritySetup-357d0739a Outputs. |
Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
cloudformation |
us-east-1 |
Find secrets in CloudFormation outputs |
DeepSecuritySetup-4e02218e7 |
Find secrets in CloudFormation outputs |
cloudformation_outputs_find_secrets |
CloudFormation DeepSecuritySetup-4e02218e7 has no Outputs. |
Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
cloudformation |
us-west-2 |
Find secrets in CloudFormation outputs |
Nops-Integration-8d76 |
Find secrets in CloudFormation outputs |
cloudformation_outputs_find_secrets |
No secrets found in Stack Nops-Integration-8d76 Outputs. |
Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| FAIL |
medium |
cloudformation |
ap-south-1 |
Enable termination protection for Cloudformation Stacks |
DeepSecuritySetup-e8cff1317 |
Enable termination protection for Cloudformation Stacks |
cloudformation_stacks_termination_protection_enabled |
CloudFormation DeepSecuritySetup-e8cff1317 has termination protection disabled |
Without termination protection enabled; a critical cloudformation stack can be accidently deleted. |
Ensure termination protection is enabled for the cloudformation stacks. |
|
| FAIL |
medium |
cloudformation |
ap-south-1 |
Enable termination protection for Cloudformation Stacks |
DeepSecuritySetup-357d0739a |
Enable termination protection for Cloudformation Stacks |
cloudformation_stacks_termination_protection_enabled |
CloudFormation DeepSecuritySetup-357d0739a has termination protection disabled |
Without termination protection enabled; a critical cloudformation stack can be accidently deleted. |
Ensure termination protection is enabled for the cloudformation stacks. |
|
| FAIL |
medium |
cloudformation |
us-east-1 |
Enable termination protection for Cloudformation Stacks |
DeepSecuritySetup-4e02218e7 |
Enable termination protection for Cloudformation Stacks |
cloudformation_stacks_termination_protection_enabled |
CloudFormation DeepSecuritySetup-4e02218e7 has termination protection disabled |
Without termination protection enabled; a critical cloudformation stack can be accidently deleted. |
Ensure termination protection is enabled for the cloudformation stacks. |
|
| FAIL |
medium |
cloudformation |
us-west-2 |
Enable termination protection for Cloudformation Stacks |
Nops-Integration-8d76 |
Enable termination protection for Cloudformation Stacks |
cloudformation_stacks_termination_protection_enabled |
CloudFormation Nops-Integration-8d76 has termination protection disabled |
Without termination protection enabled; a critical cloudformation stack can be accidently deleted. |
Ensure termination protection is enabled for the cloudformation stacks. |
|
| PASS |
low |
cloudtrail |
ap-northeast-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ap-northeast-2 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ap-northeast-3 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ap-south-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ap-southeast-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ap-southeast-2 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
ca-central-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
eu-central-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
eu-north-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
eu-west-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
eu-west-2 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
eu-west-3 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
sa-east-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
us-east-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
us-east-2 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
us-west-1 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| PASS |
low |
cloudtrail |
us-west-2 |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
AWS-TRAIL |
Ensure CloudTrail trails are integrated with CloudWatch Logs |
cloudtrail_cloudwatch_logging_enabled |
Multiregion trail AWS-TRAIL has been logging the last 24h |
Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity. |
Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property. |
|
| FAIL |
medium |
cloudtrail |
ap-northeast-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ap-northeast-2 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ap-northeast-3 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ap-south-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ap-southeast-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ap-southeast-2 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
ca-central-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
eu-central-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
eu-north-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
eu-west-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
eu-west-2 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
eu-west-3 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
sa-east-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
us-east-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
us-east-2 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
us-west-1 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| FAIL |
medium |
cloudtrail |
us-west-2 |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
AWS-TRAIL |
Ensure CloudTrail logs are encrypted at rest using KMS CMKs |
cloudtrail_kms_encryption_enabled |
Multiregion trail AWS-TRAIL has encryption disabled |
By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files. |
This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-2 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-3 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-south-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-southeast-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-southeast-2 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ca-central-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
eu-central-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
eu-north-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
eu-west-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
eu-west-2 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
eu-west-3 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
sa-east-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
us-east-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
us-east-2 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
us-west-1 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
us-west-2 |
Ensure CloudTrail log file validation is enabled |
AWS-TRAIL |
Ensure CloudTrail log file validation is enabled |
cloudtrail_log_file_validation_enabled |
Multiregion trail AWS-TRAIL log file validation enabled |
Enabling log file validation will provide additional integrity checking of CloudTrail logs. |
Ensure LogFileValidationEnabled is set to true for each trail. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-2 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ap-northeast-3 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ap-south-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ap-southeast-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ap-southeast-2 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
ca-central-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
eu-central-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
eu-north-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
eu-west-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
eu-west-2 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
eu-west-3 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
sa-east-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
us-east-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
us-east-2 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
us-west-1 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
medium |
cloudtrail |
us-west-2 |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
AWS-TRAIL |
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
cloudtrail_logs_s3_bucket_access_logging_enabled |
Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive. |
|
| PASS |
critical |
cloudtrail |
ap-northeast-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ap-northeast-2 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ap-northeast-3 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ap-south-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ap-southeast-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ap-southeast-2 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
ca-central-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
eu-central-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
eu-north-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
eu-west-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
eu-west-2 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
eu-west-3 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
sa-east-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
us-east-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
us-east-2 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
us-west-1 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
critical |
cloudtrail |
us-west-2 |
Ensure the S3 bucket CloudTrail logs is not publicly accessible |
AWS-TRAIL |
Ensure the S3 bucket CloudTrail logs to is not publicly accessible |
cloudtrail_logs_s3_bucket_is_not_publicly_accessible |
S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible |
Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration. |
Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges. |
|
| PASS |
high |
cloudtrail |
ap-northeast-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ap-northeast-2 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ap-northeast-3 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ap-south-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ap-southeast-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ap-southeast-2 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
ca-central-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
eu-central-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
eu-north-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
eu-west-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
eu-west-2 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
eu-west-3 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
sa-east-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
us-east-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
us-east-2 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
us-west-1 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| PASS |
high |
cloudtrail |
us-west-2 |
Ensure CloudTrail is enabled in all regions |
AWS-TRAIL |
Ensure CloudTrail is enabled in all regions |
cloudtrail_multi_region_enabled |
Trail AWS-TRAIL is multiregion and it is logging |
AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service. |
Ensure Logging is set to ON on all regions (even if they are not being used at the moment. |
|
| FAIL |
low |
cloudtrail |
ap-south-1 |
Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail. |
No trails |
Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account. |
cloudtrail_s3_dataevents_read_enabled |
No CloudTrail trails have a data event to record all S3 object-level API operations. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable. |
|
| FAIL |
low |
cloudtrail |
ap-south-1 |
Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail. |
No trails |
Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account. |
cloudtrail_s3_dataevents_write_enabled |
No CloudTrail trails have a data event to record all S3 object-level API operations. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL). |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL). |
cloudwatch_changes_to_network_acls_alarm_configured |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-NACL-ALERTS and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for changes to network gateways. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for changes to network gateways. |
cloudwatch_changes_to_network_gateways_alarm_configured |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter Network_Gtaeway_alerts and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for route table changes. |
207592916039 |
Ensure a log metric filter and alarm exist for route table changes. |
cloudwatch_changes_to_network_route_tables_alarm_configured |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for VPC changes. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for VPC changes. |
cloudwatch_changes_to_vpcs_alarm_configured |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-VPC-CHANGE-ALERTS and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch has allowed cross-account sharing. |
CloudWatch-CrossAccountSharingRole |
Check if CloudWatch has allowed cross-account sharing. |
cloudwatch_cross_account_sharing_disabled |
CloudWatch doesn't allows cross-account sharing |
Cross-Account access to CloudWatch could increase the risk of compromising information between accounts. |
Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/cluster/fugo-prod-db/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/cluster/fugo-prod-db/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/cluster/fugo-production-db/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/cluster/fugo-production-db/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/instance/demo-audit-rds/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/instance/demo-audit-rds/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/instance/fugo-prod-db/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/instance/fugo-prod-db/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/instance/fugo-prod-rds/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/instance/fugo-prod-rds/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/rds/instance/fugo-read-db/error |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/rds/instance/fugo-read-db/error does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
FUGO-PRODUCTION-FUGOONE-FLOWLOGS |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group FUGO-PRODUCTION-FUGOONE-FLOWLOGS does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
RDSOSMetrics |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group RDSOSMetrics does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch log groups are protected by AWS KMS. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group aws-cloudtrail-logs-207592916039-a7ba1fd6 does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
us-west-2 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
us-west-2 |
Check if CloudWatch log groups are protected by AWS KMS. |
/aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Check if CloudWatch log groups are protected by AWS KMS. |
cloudwatch_log_group_kms_encryption_enabled |
Log Group /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 does not have AWS KMS keys associated. |
Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data. |
Associate KMS Key with Cloudwatch log group. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/cluster/fugo-prod-db/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/cluster/fugo-prod-db/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/cluster/fugo-production-db/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/cluster/fugo-production-db/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/instance/demo-audit-rds/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/instance/demo-audit-rds/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/instance/fugo-prod-db/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/instance/fugo-prod-db/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/instance/fugo-prod-rds/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/instance/fugo-prod-rds/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/rds/instance/fugo-read-db/error |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/rds/instance/fugo-read-db/error has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
FUGO-PRODUCTION-FUGOONE-FLOWLOGS |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group FUGO-PRODUCTION-FUGOONE-FLOWLOGS has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
RDSOSMetrics |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group RDSOSMetrics has less than 365 days retention period (30 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group aws-cloudtrail-logs-207592916039-a7ba1fd6 has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
us-west-2 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
us-west-2 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
/aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 |
Check if CloudWatch Log Groups have a retention policy of specific days. |
cloudwatch_log_group_retention_policy_specific_days_enabled |
Log Group /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 has less than 365 days retention period (0 days). |
If log groups have a low retention policy of less than specific days, crucial logs and data can be lost. |
Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for AWS Config configuration changes. |
207592916039 |
Ensure a log metric filter and alarm exist for AWS Config configuration changes. |
cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for CloudTrail configuration changes. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for CloudTrail configuration changes. |
cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for AWS Management Console authentication failures. |
207592916039 |
Ensure a log metric filter and alarm exist for AWS Management Console authentication failures. |
cloudwatch_log_metric_filter_authentication_failures |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for AWS Organizations changes. |
207592916039 |
Ensure a log metric filter and alarm exist for AWS Organizations changes. |
cloudwatch_log_metric_filter_aws_organizations_changes |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs. |
cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-CMK-ALERTS and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for S3 bucket policy changes. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for S3 bucket policy changes. |
cloudwatch_log_metric_filter_for_s3_bucket_policy_changes |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-S3-POLICY-CHANGE-ALERTS and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for IAM policy changes. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for IAM policy changes. |
cloudwatch_log_metric_filter_policy_changes |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-IAM-POLICY-CHANGE-ALERTS but no alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for usage of root account. |
207592916039 |
Ensure a log metric filter and alarm exist for usage of root account. |
cloudwatch_log_metric_filter_root_usage |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| PASS |
medium |
cloudwatch |
ap-south-1 |
Ensure a log metric filter and alarm exist for security group changes. |
aws-cloudtrail-logs-207592916039-a7ba1fd6 |
Ensure a log metric filter and alarm exist for security group changes. |
cloudwatch_log_metric_filter_security_group_changes |
CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-SECURITY-GROUP-CHANGE-ALERTS and alarms set. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA. |
207592916039 |
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA. |
cloudwatch_log_metric_filter_sign_in_without_mfa |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
cloudwatch |
us-east-1 |
Ensure a log metric filter and alarm exist for unauthorized API calls. |
207592916039 |
Ensure a log metric filter and alarm exist for unauthorized API calls. |
cloudwatch_log_metric_filter_unauthorized_api_calls |
No CloudWatch log groups found with metric filters or alarms associated. |
Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity. |
It is recommended that a metric filter and alarm be established for unauthorized requests. |
|
| FAIL |
medium |
config |
ap-northeast-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
ap-northeast-2 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
ap-northeast-3 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| PASS |
medium |
config |
ap-south-1 |
Ensure AWS Config is enabled in all regions. |
default |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder default is enabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
ap-southeast-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
ap-southeast-2 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
ca-central-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
eu-central-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
eu-north-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
eu-west-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
eu-west-2 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
eu-west-3 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
sa-east-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
us-east-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
us-east-2 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
us-west-1 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
config |
us-west-2 |
Ensure AWS Config is enabled in all regions. |
207592916039 |
Ensure AWS Config is enabled in all regions. |
config_recorder_all_regions_enabled |
AWS Config recorder 207592916039 is disabled. |
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing. |
It is recommended to enable AWS Config be enabled in all regions. |
|
| FAIL |
medium |
directoryservice |
us-east-1 |
Directory Service monitoring with CloudWatch logs. |
d-906769962c |
Directory Service monitoring with CloudWatch logs. |
directoryservice_directory_log_forwarding_enabled |
Directory Service d-906769962c have log forwarding to CloudWatch disabled |
As a best practice, monitor your organization to ensure that changes are logged. This helps you to ensure that any unexpected change can be investigated and unwanted changes can be rolled back. |
It is recommended that that the export of logs is enabled. |
|
| FAIL |
medium |
directoryservice |
us-east-1 |
Directory Service has SNS Notifications enabled. |
d-906769962c |
Directory Service has SNS Notifications enabled. |
directoryservice_directory_monitor_notifications |
Directory Service d-906769962c have SNS messaging disabled |
As a best practice, monitor status of Directory Service. This helps to avoid late actions to fix Directory Service issues. |
It is recommended set up SNS messaging to send email or text messages when the status of your directory changes. |
|
| FAIL |
medium |
directoryservice |
us-east-1 |
Ensure Radius server in DS is using the recommended security protocol. |
d-906769962c |
Ensure Radius server in DS is using the recommended security protocol. |
directoryservice_radius_server_security_protocol |
Radius server of Directory d-906769962c does not have recommended security protocol for the Radius server |
As a best practice, you might need to configure the authentication protocol between the Microsoft AD DCs and the RADIUS/MFA server. Supported protocols are PAP, CHAP MS-CHAPv1, and MS-CHAPv2. MS-CHAPv2 is recommended because it provides the strongest security of the three options. |
MS-CHAPv2 provides the strongest security of the options supported, and is therefore recommended. |
|
| FAIL |
medium |
directoryservice |
us-east-1 |
Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS. |
d-906769962c |
Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS. |
directoryservice_supported_mfa_radius_enabled |
Directory d-906769962c does not have Radius MFA enabled |
Multi-Factor Authentication (MFA) adds an extra layer of authentication assurance beyond traditional username and password. |
Enabling MFA provides increased security to a user name and password as it requires the user to possess a solution that displays a time-sensitive authentication code. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0018e8a7d6d0add0a |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0018e8a7d6d0add0a is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0fc316f8f9c3f73c4 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0fc316f8f9c3f73c4 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-00ceb4d826e25a122 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-00ceb4d826e25a122 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0cda34df73e692d38 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0cda34df73e692d38 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a66a825f942ae0e1 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a66a825f942ae0e1 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a0c700bebf52eb74 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a0c700bebf52eb74 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-06bf3a06afb530ff7 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-06bf3a06afb530ff7 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0c86838c18cbc806c |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0c86838c18cbc806c is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-05c276b2ff6f60388 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-05c276b2ff6f60388 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-08740d7b1041254f6 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-08740d7b1041254f6 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0751e8cb55a23ff36 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0751e8cb55a23ff36 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0826789bbe598538b |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0826789bbe598538b is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-050e59d283a2b1044 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-050e59d283a2b1044 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0fd4ff9d094c9db23 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0fd4ff9d094c9db23 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-029308968e9547aa0 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-029308968e9547aa0 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-07948383144da3eaa |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-07948383144da3eaa is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0b47d36cae0c7daa9 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0b47d36cae0c7daa9 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-01b6c6cb2a7800069 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-01b6c6cb2a7800069 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0ad53fe996d650ab4 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0ad53fe996d650ab4 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-070a9304e9292bae7 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-070a9304e9292bae7 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0efca13240db60e12 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0efca13240db60e12 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-012bb10fe87bffe7a |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-012bb10fe87bffe7a is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0460a08bb9fe0bc91 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0460a08bb9fe0bc91 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-05c7beb5fe304a583 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-05c7beb5fe304a583 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-09820cdd8c657842d |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-09820cdd8c657842d is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-00ddb88cc64cfb082 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-00ddb88cc64cfb082 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-027709daf5adb4af4 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-027709daf5adb4af4 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0afb5c8c424146df3 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0afb5c8c424146df3 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a2efe96d8b23fc02 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a2efe96d8b23fc02 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-01ad1617276963099 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-01ad1617276963099 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-04cb2a96cf377cb0b |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-04cb2a96cf377cb0b is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-01c019aaa08c7d046 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-01c019aaa08c7d046 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-05bb411cae567311c |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-05bb411cae567311c is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a9b50b3609981939 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a9b50b3609981939 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a9581443a029a739 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a9581443a029a739 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0219684a574a3e32f |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0219684a574a3e32f is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0b48c67944442bf20 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0b48c67944442bf20 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-01cef41387a0186b4 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-01cef41387a0186b4 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-054e0cf7b2ffa0a10 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-054e0cf7b2ffa0a10 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0031d2af71414d729 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0031d2af71414d729 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-04437d483ec0121d9 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-04437d483ec0121d9 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0f76a8612bec6fb48 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0f76a8612bec6fb48 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a8e0f439b4ef98dc |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a8e0f439b4ef98dc is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-04099a845119f6f05 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-04099a845119f6f05 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0988be26776daa189 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0988be26776daa189 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0cf2ce5419463b285 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0cf2ce5419463b285 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0e1113cfaa41d218e |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0e1113cfaa41d218e is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a04d864045e18474 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a04d864045e18474 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-005841508dcaf8d4b |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-005841508dcaf8d4b is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0d30d290029b082d8 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0d30d290029b082d8 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-08bde8ff706c1a8c9 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-08bde8ff706c1a8c9 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0dab1c941c0328e69 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0dab1c941c0328e69 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-09ed7b4a0477c8761 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-09ed7b4a0477c8761 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0abdf11a2a468ff95 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0abdf11a2a468ff95 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-066c0a0139fae7ff2 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-066c0a0139fae7ff2 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-03b37f1bc68490071 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-03b37f1bc68490071 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-065f98f42b09e9984 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-065f98f42b09e9984 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-08cfdefb3c85ca1c0 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-08cfdefb3c85ca1c0 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0020d46b36a625125 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0020d46b36a625125 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-007747239863a8b65 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-007747239863a8b65 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0445ada17ff884503 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0445ada17ff884503 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0efd44d4bab063399 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0efd44d4bab063399 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0e068b4e14f5473f7 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0e068b4e14f5473f7 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-051da5dac65fb5532 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-051da5dac65fb5532 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0ccda562dc7df3a3f |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0ccda562dc7df3a3f is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0ce6e89b24147b65e |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0ce6e89b24147b65e is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0ef80bb5d5df0ccc2 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0ef80bb5d5df0ccc2 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0818d3e8b4d00d09c |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0818d3e8b4d00d09c is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0adf17abf392fd387 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0adf17abf392fd387 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-07d1d04a2290ff89b |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-07d1d04a2290ff89b is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0a36cfa10f87a4b4c |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0a36cfa10f87a4b4c is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0e24864de1be1f41f |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0e24864de1be1f41f is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-06ba72bb83ca08ea2 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-06ba72bb83ca08ea2 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0efd76db631edca20 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0efd76db631edca20 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-01296df14e894bc42 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-01296df14e894bc42 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-04b7351c1ba1d4082 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-04b7351c1ba1d4082 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0cf2feb2042aceebc |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0cf2feb2042aceebc is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-08cd8ce56ffefa07f |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-08cd8ce56ffefa07f is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-04e8f1b7ee0073703 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-04e8f1b7ee0073703 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0c64fba33a3801d0d |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0c64fba33a3801d0d is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-0e5fe52df21de43d8 |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-0e5fe52df21de43d8 is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| PASS |
critical |
ec2 |
us-east-1 |
Ensure there are no EC2 AMIs set as Public. |
ami-08cfc83918b0b8c8b |
Ensure there are no EC2 AMIs set as Public. |
ec2_ami_public |
EC2 AMI ami-08cfc83918b0b8c8b is not public. |
A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users. |
List all shared AMIs and make sure there is a business reason for them. |
|
| FAIL |
medium |
ec2 |
ap-northeast-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ap-northeast-2 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ap-northeast-3 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ap-southeast-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ap-southeast-2 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
ca-central-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
eu-central-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
eu-north-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
eu-west-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
eu-west-2 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
eu-west-3 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
sa-east-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
us-east-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
us-east-2 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
us-west-1 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
ec2 |
us-west-2 |
Check if EBS Default Encryption is activated. |
EBS Default Encryption |
Check if EBS Default Encryption is activated. |
ec2_ebs_default_encryption |
EBS Default Encryption is not activated. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0622a94880169fc9e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0622a94880169fc9e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01b8eaf0aa9d9345b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01b8eaf0aa9d9345b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08ca73f3d6545e91f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08ca73f3d6545e91f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-07dfedc81c4ff5f17 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-07dfedc81c4ff5f17 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-010aa81e6b8a4f00d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-010aa81e6b8a4f00d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0611020500372ee84 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0611020500372ee84 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-040ffbe570255ec5e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-040ffbe570255ec5e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-07c18714f319b32ec |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-07c18714f319b32ec is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-071130c03aa1e53bd |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-071130c03aa1e53bd is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0dd25bf7d3bb48359 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0dd25bf7d3bb48359 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e3461b48d1171bae |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e3461b48d1171bae is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03d8a2a190bcb4ded |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03d8a2a190bcb4ded is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06f3c751d14057493 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06f3c751d14057493 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-09b5d3c2b58d89c57 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-09b5d3c2b58d89c57 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-00818edf50810e3cc |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-00818edf50810e3cc is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0485a4c6202da3d14 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0485a4c6202da3d14 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0dc7500c9aeb31138 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0dc7500c9aeb31138 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c4da1e86edb292fd |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c4da1e86edb292fd is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-030374eda7f5fbd92 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-030374eda7f5fbd92 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03a356b50ab38a27a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03a356b50ab38a27a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0585cd0b29394fb44 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0585cd0b29394fb44 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-022ef983b842ec47e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-022ef983b842ec47e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-050f0858c4955d25b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-050f0858c4955d25b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d7e89fa78aa3612e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d7e89fa78aa3612e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a72a43bc78466367 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a72a43bc78466367 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e9916950153853d1 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e9916950153853d1 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06bb5d55846614896 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06bb5d55846614896 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-04d8960517f9e72ea |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-04d8960517f9e72ea is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0fb2d997acfe3fc54 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0fb2d997acfe3fc54 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-068dd4d3abebd3d80 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-068dd4d3abebd3d80 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02c091df747da3d3b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02c091df747da3d3b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0f4eb30beb2aaf75f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0f4eb30beb2aaf75f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01d09e8faa50b4297 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01d09e8faa50b4297 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0056bdc72f8d40bce |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0056bdc72f8d40bce is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-087680dc7ab7fc24e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-087680dc7ab7fc24e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08ac9e94c358faccf |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08ac9e94c358faccf is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b4903583a1ce3637 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b4903583a1ce3637 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c9efd466d366a833 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c9efd466d366a833 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c520cdbdca369b8e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c520cdbdca369b8e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03ad9fdc0adffa61b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03ad9fdc0adffa61b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0641c8bc9d117561c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0641c8bc9d117561c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06d6e49d46f3066e4 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06d6e49d46f3066e4 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-04812aeee336b92b0 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-04812aeee336b92b0 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0de31f78f96b0af17 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0de31f78f96b0af17 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c0461c686ead0455 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c0461c686ead0455 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08f86546782297252 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08f86546782297252 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-087eb0d701ada6234 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-087eb0d701ada6234 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-020b67be510a6c568 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-020b67be510a6c568 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-022914d17fa7701db |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-022914d17fa7701db is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01e8a63792135377d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01e8a63792135377d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02532171666ff9ebb |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02532171666ff9ebb is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01795651adda5c63d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01795651adda5c63d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03e823f09a123c36c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03e823f09a123c36c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03fb57967d341d0bf |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03fb57967d341d0bf is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-025b1d9caac7b9291 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-025b1d9caac7b9291 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0997b8d6c5a5bd777 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0997b8d6c5a5bd777 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-00e0b75b99e80f197 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-00e0b75b99e80f197 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-061318ae6f331f1a4 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-061318ae6f331f1a4 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c56a773ab25bd851 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c56a773ab25bd851 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06aea6e12bdef41ea |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06aea6e12bdef41ea is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01fe0248adf2a2aa3 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01fe0248adf2a2aa3 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-088c599dd22e735c7 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-088c599dd22e735c7 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0dd7b19213587d0a4 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0dd7b19213587d0a4 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b9e2f9a206b90084 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b9e2f9a206b90084 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-05da468af1a62409d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-05da468af1a62409d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02442f9cad1b79dbf |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02442f9cad1b79dbf is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0adef1d95d6767932 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0adef1d95d6767932 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-031844881dde7bab3 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-031844881dde7bab3 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-07fd247dfb21a2803 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-07fd247dfb21a2803 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-09ee32bc093251b15 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-09ee32bc093251b15 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0498d33d02edff906 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0498d33d02edff906 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0f582721e2a2bdb3b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0f582721e2a2bdb3b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-091c2b5d57180305a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-091c2b5d57180305a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0f46bba85ad576cf9 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0f46bba85ad576cf9 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0f12a3b8b22d64159 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0f12a3b8b22d64159 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0341d4313745e93a8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0341d4313745e93a8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-05ec194ae65d9484e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-05ec194ae65d9484e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-030ab2fb0a9687603 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-030ab2fb0a9687603 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-00792be50739611a5 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-00792be50739611a5 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-017eaa0eb6c0a5a82 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-017eaa0eb6c0a5a82 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b1374f7dc115ec15 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b1374f7dc115ec15 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-012f395e484d6587f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-012f395e484d6587f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08aa4d247c7ccffdc |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08aa4d247c7ccffdc is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0917b02c94671bf4f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0917b02c94671bf4f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-018c5c22dcca87029 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-018c5c22dcca87029 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0ba20af0f6e13842d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0ba20af0f6e13842d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a22f3a76bd625266 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a22f3a76bd625266 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d0c97b1e7e19356f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d0c97b1e7e19356f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03b5e483281934366 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03b5e483281934366 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01bb12816bb3c76af |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01bb12816bb3c76af is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-09a200d0baae1e5d9 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-09a200d0baae1e5d9 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0539c8e289b04484f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0539c8e289b04484f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0afda8778a0b2e26b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0afda8778a0b2e26b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0809f76b3124e8481 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0809f76b3124e8481 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-07d5aaac92bcdbeac |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-07d5aaac92bcdbeac is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01cadbf9ddc053792 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01cadbf9ddc053792 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a72d597d62e2cd01 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a72d597d62e2cd01 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-026774bb792a197e7 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-026774bb792a197e7 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0bb6f8f32b2cb4fca |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0bb6f8f32b2cb4fca is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-04df7e251ae6e0cfe |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-04df7e251ae6e0cfe is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02179a4d126c52aa1 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02179a4d126c52aa1 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0cc079c73861a4aff |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0cc079c73861a4aff is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0790c7a1b159fdd5a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0790c7a1b159fdd5a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-030cd1b57bca13602 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-030cd1b57bca13602 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e29b99ea2e640b81 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e29b99ea2e640b81 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e82db2ffa7743f70 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e82db2ffa7743f70 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-07879f9ffc76c1a4e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-07879f9ffc76c1a4e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-099852369db9e4754 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-099852369db9e4754 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-030ce343c73844bcf |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-030ce343c73844bcf is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b428785f8c8a3a4c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b428785f8c8a3a4c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-052a9462ffa13ed6c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-052a9462ffa13ed6c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-05f5f455f9944443c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-05f5f455f9944443c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-019d54e88aface825 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-019d54e88aface825 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0da13f419fb5d9bee |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0da13f419fb5d9bee is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02a9b47c8ab4cecd0 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02a9b47c8ab4cecd0 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0243907c6d8396bb8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0243907c6d8396bb8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08e03dcd383a3aa44 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08e03dcd383a3aa44 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0933a17ca736f6b77 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0933a17ca736f6b77 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08a0d1a396c4aa2be |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08a0d1a396c4aa2be is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-049027679ceef886d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-049027679ceef886d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-003f763931b0c1e8f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-003f763931b0c1e8f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0aeeb74fcdb88ebd9 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0aeeb74fcdb88ebd9 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03bac3be178a17311 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03bac3be178a17311 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b540192b41c105eb |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b540192b41c105eb is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0530fea6befb7f72b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0530fea6befb7f72b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b688f2736bf5bad4 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b688f2736bf5bad4 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-00d707adc8480b047 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-00d707adc8480b047 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0882adc631671a2b8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0882adc631671a2b8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0f607309686a7d25f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0f607309686a7d25f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0317b4229e95fdfd8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0317b4229e95fdfd8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b0b155d289a0bac5 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b0b155d289a0bac5 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03a009e9beb0da3f7 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03a009e9beb0da3f7 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-04a18089c90e1260e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-04a18089c90e1260e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0cc58bc4dc97b399b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0cc58bc4dc97b399b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e02a396c750c736b |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e02a396c750c736b is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d2c7ad629ee47dfe |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d2c7ad629ee47dfe is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-055f56fdedf0b6a7f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-055f56fdedf0b6a7f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a198bef20f78d466 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a198bef20f78d466 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a4e9dcee59c3e935 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a4e9dcee59c3e935 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-003cbcab27a2b8cc5 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-003cbcab27a2b8cc5 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b953ec8b25bb79b8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b953ec8b25bb79b8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e7efcd133510ac82 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e7efcd133510ac82 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d48e7f1ecb2af58f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d48e7f1ecb2af58f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-049710eb990d06c66 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-049710eb990d06c66 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-015a805bbdab25397 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-015a805bbdab25397 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0ccecbf3352a85d92 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0ccecbf3352a85d92 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0c1d90fc770c08f3e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0c1d90fc770c08f3e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-001499538bfa02c79 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-001499538bfa02c79 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d61a3d02fe050a79 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d61a3d02fe050a79 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-00564895a4b383633 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-00564895a4b383633 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0b7a64d674eb5cf25 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0b7a64d674eb5cf25 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-004af16197f9b2d15 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-004af16197f9b2d15 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0ad073989c9e51746 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0ad073989c9e51746 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-086b0b2cb77911fbe |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-086b0b2cb77911fbe is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0d309e43242d16c39 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0d309e43242d16c39 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0054279d78fa43f21 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0054279d78fa43f21 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-08509fb97f6368608 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-08509fb97f6368608 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0af74db7b91ad0fef |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0af74db7b91ad0fef is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0cb054b96ef1201b6 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0cb054b96ef1201b6 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-05a1ab37a7c734e7e |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-05a1ab37a7c734e7e is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06981ad9be754bda5 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06981ad9be754bda5 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-01799a1036509fce7 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-01799a1036509fce7 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-037e436a6609b27ef |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-037e436a6609b27ef is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0946da4a34969a91c |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0946da4a34969a91c is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0228aa32190cbf607 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0228aa32190cbf607 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0591754941a65dbf2 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0591754941a65dbf2 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a0b477588407543f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a0b477588407543f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0a0babf6f9261e644 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0a0babf6f9261e644 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0593aca86b1b615c6 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0593aca86b1b615c6 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-04c897c6bcd9fce84 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-04c897c6bcd9fce84 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-083f1d3cebf29b150 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-083f1d3cebf29b150 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0009dd882eaf0b4b2 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0009dd882eaf0b4b2 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0782856870ae5a65f |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0782856870ae5a65f is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0365d7ae246dcc20d |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0365d7ae246dcc20d is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-076197ad79c63334a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-076197ad79c63334a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0843e2d1f28ec1157 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0843e2d1f28ec1157 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03008860ecba17e98 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03008860ecba17e98 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-03c18165e84e612dd |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-03c18165e84e612dd is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-06bc8be4b0b3f49b0 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-06bc8be4b0b3f49b0 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0bd60c5cf3baf472a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0bd60c5cf3baf472a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0e98fda1728ea85c8 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0e98fda1728ea85c8 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0eb96d6970d0fd9af |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0eb96d6970d0fd9af is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-02d2235f771236c27 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-02d2235f771236c27 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-0654f22072d6a5788 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-0654f22072d6a5788 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-004c3c5024e66c34a |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-004c3c5024e66c34a is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-09ad6617f54885be5 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-09ad6617f54885be5 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| PASS |
critical |
ec2 |
us-east-1 |
Ensure there are no EBS Snapshots set as Public. |
snap-022b448678f2eeb65 |
Ensure there are no EBS Snapshots set as Public. |
ec2_ebs_public_snapshot |
EBS Snapshot snap-022b448678f2eeb65 is not Public. |
When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data. |
Ensure the snapshot should be shared. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0622a94880169fc9e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0622a94880169fc9e is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01b8eaf0aa9d9345b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01b8eaf0aa9d9345b is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08ca73f3d6545e91f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08ca73f3d6545e91f is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-07dfedc81c4ff5f17 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-07dfedc81c4ff5f17 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-010aa81e6b8a4f00d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-010aa81e6b8a4f00d is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0611020500372ee84 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0611020500372ee84 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-040ffbe570255ec5e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-040ffbe570255ec5e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-07c18714f319b32ec |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-07c18714f319b32ec is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-071130c03aa1e53bd |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-071130c03aa1e53bd is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0dd25bf7d3bb48359 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0dd25bf7d3bb48359 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e3461b48d1171bae |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e3461b48d1171bae is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03d8a2a190bcb4ded |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03d8a2a190bcb4ded is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06f3c751d14057493 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06f3c751d14057493 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-09b5d3c2b58d89c57 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-09b5d3c2b58d89c57 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-00818edf50810e3cc |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-00818edf50810e3cc is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0485a4c6202da3d14 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0485a4c6202da3d14 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0dc7500c9aeb31138 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0dc7500c9aeb31138 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c4da1e86edb292fd |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c4da1e86edb292fd is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-030374eda7f5fbd92 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-030374eda7f5fbd92 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03a356b50ab38a27a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03a356b50ab38a27a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0585cd0b29394fb44 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0585cd0b29394fb44 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-022ef983b842ec47e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-022ef983b842ec47e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-050f0858c4955d25b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-050f0858c4955d25b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d7e89fa78aa3612e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d7e89fa78aa3612e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a72a43bc78466367 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a72a43bc78466367 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e9916950153853d1 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e9916950153853d1 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06bb5d55846614896 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06bb5d55846614896 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-04d8960517f9e72ea |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-04d8960517f9e72ea is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0fb2d997acfe3fc54 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0fb2d997acfe3fc54 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-068dd4d3abebd3d80 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-068dd4d3abebd3d80 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02c091df747da3d3b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02c091df747da3d3b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0f4eb30beb2aaf75f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0f4eb30beb2aaf75f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01d09e8faa50b4297 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01d09e8faa50b4297 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0056bdc72f8d40bce |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0056bdc72f8d40bce is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-087680dc7ab7fc24e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-087680dc7ab7fc24e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08ac9e94c358faccf |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08ac9e94c358faccf is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b4903583a1ce3637 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b4903583a1ce3637 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c9efd466d366a833 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c9efd466d366a833 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c520cdbdca369b8e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c520cdbdca369b8e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03ad9fdc0adffa61b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03ad9fdc0adffa61b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0641c8bc9d117561c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0641c8bc9d117561c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06d6e49d46f3066e4 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06d6e49d46f3066e4 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-04812aeee336b92b0 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-04812aeee336b92b0 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0de31f78f96b0af17 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0de31f78f96b0af17 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c0461c686ead0455 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c0461c686ead0455 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08f86546782297252 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08f86546782297252 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-087eb0d701ada6234 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-087eb0d701ada6234 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-020b67be510a6c568 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-020b67be510a6c568 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-022914d17fa7701db |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-022914d17fa7701db is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01e8a63792135377d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01e8a63792135377d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02532171666ff9ebb |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02532171666ff9ebb is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01795651adda5c63d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01795651adda5c63d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03e823f09a123c36c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03e823f09a123c36c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03fb57967d341d0bf |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03fb57967d341d0bf is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-025b1d9caac7b9291 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-025b1d9caac7b9291 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0997b8d6c5a5bd777 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0997b8d6c5a5bd777 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-00e0b75b99e80f197 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-00e0b75b99e80f197 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-061318ae6f331f1a4 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-061318ae6f331f1a4 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c56a773ab25bd851 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c56a773ab25bd851 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06aea6e12bdef41ea |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06aea6e12bdef41ea is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01fe0248adf2a2aa3 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01fe0248adf2a2aa3 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-088c599dd22e735c7 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-088c599dd22e735c7 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0dd7b19213587d0a4 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0dd7b19213587d0a4 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b9e2f9a206b90084 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b9e2f9a206b90084 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-05da468af1a62409d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-05da468af1a62409d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02442f9cad1b79dbf |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02442f9cad1b79dbf is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0adef1d95d6767932 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0adef1d95d6767932 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-031844881dde7bab3 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-031844881dde7bab3 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-07fd247dfb21a2803 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-07fd247dfb21a2803 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-09ee32bc093251b15 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-09ee32bc093251b15 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0498d33d02edff906 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0498d33d02edff906 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0f582721e2a2bdb3b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0f582721e2a2bdb3b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-091c2b5d57180305a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-091c2b5d57180305a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0f46bba85ad576cf9 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0f46bba85ad576cf9 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0f12a3b8b22d64159 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0f12a3b8b22d64159 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0341d4313745e93a8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0341d4313745e93a8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-05ec194ae65d9484e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-05ec194ae65d9484e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-030ab2fb0a9687603 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-030ab2fb0a9687603 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-00792be50739611a5 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-00792be50739611a5 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-017eaa0eb6c0a5a82 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-017eaa0eb6c0a5a82 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b1374f7dc115ec15 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b1374f7dc115ec15 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-012f395e484d6587f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-012f395e484d6587f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08aa4d247c7ccffdc |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08aa4d247c7ccffdc is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0917b02c94671bf4f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0917b02c94671bf4f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-018c5c22dcca87029 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-018c5c22dcca87029 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0ba20af0f6e13842d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0ba20af0f6e13842d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a22f3a76bd625266 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a22f3a76bd625266 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d0c97b1e7e19356f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d0c97b1e7e19356f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03b5e483281934366 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03b5e483281934366 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01bb12816bb3c76af |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01bb12816bb3c76af is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-09a200d0baae1e5d9 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-09a200d0baae1e5d9 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0539c8e289b04484f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0539c8e289b04484f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0afda8778a0b2e26b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0afda8778a0b2e26b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0809f76b3124e8481 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0809f76b3124e8481 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-07d5aaac92bcdbeac |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-07d5aaac92bcdbeac is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01cadbf9ddc053792 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01cadbf9ddc053792 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a72d597d62e2cd01 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a72d597d62e2cd01 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-026774bb792a197e7 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-026774bb792a197e7 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0bb6f8f32b2cb4fca |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0bb6f8f32b2cb4fca is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-04df7e251ae6e0cfe |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-04df7e251ae6e0cfe is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02179a4d126c52aa1 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02179a4d126c52aa1 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0cc079c73861a4aff |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0cc079c73861a4aff is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0790c7a1b159fdd5a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0790c7a1b159fdd5a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-030cd1b57bca13602 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-030cd1b57bca13602 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e29b99ea2e640b81 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e29b99ea2e640b81 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e82db2ffa7743f70 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e82db2ffa7743f70 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-07879f9ffc76c1a4e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-07879f9ffc76c1a4e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-099852369db9e4754 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-099852369db9e4754 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-030ce343c73844bcf |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-030ce343c73844bcf is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b428785f8c8a3a4c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b428785f8c8a3a4c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-052a9462ffa13ed6c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-052a9462ffa13ed6c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-05f5f455f9944443c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-05f5f455f9944443c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-019d54e88aface825 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-019d54e88aface825 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0da13f419fb5d9bee |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0da13f419fb5d9bee is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02a9b47c8ab4cecd0 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02a9b47c8ab4cecd0 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0243907c6d8396bb8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0243907c6d8396bb8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08e03dcd383a3aa44 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08e03dcd383a3aa44 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0933a17ca736f6b77 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0933a17ca736f6b77 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08a0d1a396c4aa2be |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08a0d1a396c4aa2be is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-049027679ceef886d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-049027679ceef886d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-003f763931b0c1e8f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-003f763931b0c1e8f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0aeeb74fcdb88ebd9 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0aeeb74fcdb88ebd9 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03bac3be178a17311 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03bac3be178a17311 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b540192b41c105eb |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b540192b41c105eb is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0530fea6befb7f72b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0530fea6befb7f72b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b688f2736bf5bad4 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b688f2736bf5bad4 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-00d707adc8480b047 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-00d707adc8480b047 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0882adc631671a2b8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0882adc631671a2b8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0f607309686a7d25f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0f607309686a7d25f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0317b4229e95fdfd8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0317b4229e95fdfd8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b0b155d289a0bac5 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b0b155d289a0bac5 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03a009e9beb0da3f7 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03a009e9beb0da3f7 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-04a18089c90e1260e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-04a18089c90e1260e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0cc58bc4dc97b399b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0cc58bc4dc97b399b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e02a396c750c736b |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e02a396c750c736b is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d2c7ad629ee47dfe |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d2c7ad629ee47dfe is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-055f56fdedf0b6a7f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-055f56fdedf0b6a7f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a198bef20f78d466 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a198bef20f78d466 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a4e9dcee59c3e935 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a4e9dcee59c3e935 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-003cbcab27a2b8cc5 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-003cbcab27a2b8cc5 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b953ec8b25bb79b8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b953ec8b25bb79b8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e7efcd133510ac82 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e7efcd133510ac82 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d48e7f1ecb2af58f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d48e7f1ecb2af58f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-049710eb990d06c66 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-049710eb990d06c66 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-015a805bbdab25397 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-015a805bbdab25397 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0ccecbf3352a85d92 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0ccecbf3352a85d92 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0c1d90fc770c08f3e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0c1d90fc770c08f3e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-001499538bfa02c79 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-001499538bfa02c79 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d61a3d02fe050a79 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d61a3d02fe050a79 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-00564895a4b383633 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-00564895a4b383633 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0b7a64d674eb5cf25 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0b7a64d674eb5cf25 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-004af16197f9b2d15 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-004af16197f9b2d15 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0ad073989c9e51746 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0ad073989c9e51746 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-086b0b2cb77911fbe |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-086b0b2cb77911fbe is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0d309e43242d16c39 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0d309e43242d16c39 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0054279d78fa43f21 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0054279d78fa43f21 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-08509fb97f6368608 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-08509fb97f6368608 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0af74db7b91ad0fef |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0af74db7b91ad0fef is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0cb054b96ef1201b6 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0cb054b96ef1201b6 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-05a1ab37a7c734e7e |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-05a1ab37a7c734e7e is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06981ad9be754bda5 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06981ad9be754bda5 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-01799a1036509fce7 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-01799a1036509fce7 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-037e436a6609b27ef |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-037e436a6609b27ef is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0946da4a34969a91c |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0946da4a34969a91c is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0228aa32190cbf607 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0228aa32190cbf607 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0591754941a65dbf2 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0591754941a65dbf2 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a0b477588407543f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a0b477588407543f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0a0babf6f9261e644 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0a0babf6f9261e644 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0593aca86b1b615c6 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0593aca86b1b615c6 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-04c897c6bcd9fce84 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-04c897c6bcd9fce84 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-083f1d3cebf29b150 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-083f1d3cebf29b150 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0009dd882eaf0b4b2 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0009dd882eaf0b4b2 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0782856870ae5a65f |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0782856870ae5a65f is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0365d7ae246dcc20d |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0365d7ae246dcc20d is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-076197ad79c63334a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-076197ad79c63334a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0843e2d1f28ec1157 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0843e2d1f28ec1157 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03008860ecba17e98 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03008860ecba17e98 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-03c18165e84e612dd |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-03c18165e84e612dd is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-06bc8be4b0b3f49b0 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-06bc8be4b0b3f49b0 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0bd60c5cf3baf472a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0bd60c5cf3baf472a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0e98fda1728ea85c8 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0e98fda1728ea85c8 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0eb96d6970d0fd9af |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0eb96d6970d0fd9af is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-02d2235f771236c27 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-02d2235f771236c27 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-0654f22072d6a5788 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-0654f22072d6a5788 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-004c3c5024e66c34a |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-004c3c5024e66c34a is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EBS snapshots are encrypted. |
snap-09ad6617f54885be5 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-09ad6617f54885be5 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
us-east-1 |
Check if EBS snapshots are encrypted. |
snap-022b448678f2eeb65 |
Check if EBS snapshots are encrypted. |
ec2_ebs_snapshots_encrypted |
EBS Snapshot snap-022b448678f2eeb65 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0a7716b4993f44f25 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0a7716b4993f44f25 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0119f51a29ad658eb |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0119f51a29ad658eb is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-05ded263a69d9d833 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-05ded263a69d9d833 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-07a6182179d8938fd |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-07a6182179d8938fd is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-06efd9c62aa64e2dd |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-06efd9c62aa64e2dd is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-08328a27be868eb2b |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-08328a27be868eb2b is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0719495912d867e2c |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0719495912d867e2c is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-04c8c61f50865cdeb |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-04c8c61f50865cdeb is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0fd080910d1dcbe19 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0fd080910d1dcbe19 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0edae4ca3ad260b56 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0edae4ca3ad260b56 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0abd04ed1231ade0f |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0abd04ed1231ade0f is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-08fab72f5f2f77747 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-08fab72f5f2f77747 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-05f2620eeefe09d8c |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-05f2620eeefe09d8c is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0f923fdc1a835f55b |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0f923fdc1a835f55b is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-02e5c947fe6f6a9d0 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-02e5c947fe6f6a9d0 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-00e9b8dfc523697f4 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-00e9b8dfc523697f4 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-061c22725dfe989a1 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-061c22725dfe989a1 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-019e29d450abbe8e6 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-019e29d450abbe8e6 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0ec44b94e55849a1e |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0ec44b94e55849a1e is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0adc058c1d270dd86 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0adc058c1d270dd86 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0222c657313583109 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0222c657313583109 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-00ffdee7173a0513c |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-00ffdee7173a0513c is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-017864882d63972b0 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-017864882d63972b0 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-023e6184e12335e30 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-023e6184e12335e30 is encrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0a0920da320510d32 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0a0920da320510d32 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure there are no EBS Volumes unencrypted. |
vol-0e92021acccf43774 |
Ensure there are no EBS Volumes unencrypted. |
ec2_ebs_volume_encryption |
EBS Snapshot vol-0e92021acccf43774 is unencrypted. |
Data encryption at rest prevents data visibility in the event of its unauthorized access or theft. |
Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.126.195.229 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.126.195.229 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.127.148.48 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.127.148.48 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.232.150.131 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.232.150.131 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.233.63.131 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.233.63.131 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.234.241.114 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.234.241.114 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
13.235.34.5 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 13.235.34.5 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
15.206.129.110 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 15.206.129.110 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
15.206.15.203 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 15.206.15.203 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
15.206.191.199 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 15.206.191.199 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
15.206.24.152 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 15.206.24.152 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
15.207.38.210 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 15.207.38.210 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.108.178.28 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.108.178.28 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.111.112.116 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.111.112.116 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.111.193.196 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.111.193.196 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.6.218.172 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.6.218.172 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.6.34.160 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.6.34.160 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.6.49.75 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.6.49.75 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.6.83.28 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.6.83.28 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.6.99.2 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.6.99.2 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
3.7.26.52 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 3.7.26.52 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.0.148.77 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.0.148.77 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.1.14.161 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.1.14.161 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.1.189.126 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.1.189.126 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.1.202.96 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.1.202.96 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.2.108.162 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.2.108.162 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.2.28.105 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.2.28.105 is associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.2.72.56 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.2.72.56 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Check if there is any unassigned Elastic IP. |
65.2.99.72 |
Check if there is any unassigned Elastic IP. |
ec2_elastic_ip_unassgined |
Elastic IP 65.2.99.72 is not associated with an instance or network interface. |
Unassigned Elastic IPs may result in extra cost. |
Ensure Elastic IPs are not unassigned. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-015f59467ce090d2c |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-015f59467ce090d2c has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0eabd350f88ce5124 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0eabd350f88ce5124 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-05f0f6f96eb4fd86d |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-05f0f6f96eb4fd86d has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0e512cb262096ac31 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0e512cb262096ac31 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-02908a5ca4dede651 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-02908a5ca4dede651 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-066bd8233c2efdfd0 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-066bd8233c2efdfd0 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-099e4408cbeebdcdb |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-099e4408cbeebdcdb has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-08543e56cbaf9f19c |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-08543e56cbaf9f19c has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0e5a35628e55bb883 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0e5a35628e55bb883 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-03da29580a1fb3734 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-03da29580a1fb3734 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0e0a4b4b40c2a9790 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0e0a4b4b40c2a9790 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-06f38a8732b98d2e2 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-06f38a8732b98d2e2 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-071332494378f82ae |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-071332494378f82ae has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-05bad25824ebfdb4d |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-05bad25824ebfdb4d has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-04b87cb1bc8e2eb3b |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-04b87cb1bc8e2eb3b has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0c069862db55fbeda |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0c069862db55fbeda has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0a34a15758fbb8d1f |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0a34a15758fbb8d1f has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-00ec225c2a12b853b |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-00ec225c2a12b853b has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-03171ba2fce1dbd0d |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-03171ba2fce1dbd0d has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0d64065cb0e6f682f |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0d64065cb0e6f682f has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-037ea098c391480a9 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-037ea098c391480a9 has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
i-0790f4edec81af4fa |
Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. |
ec2_instance_imdsv2_enabled |
EC2 Instance i-0790f4edec81af4fa has IMDSv2 disabled or not required. |
Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not. |
If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-015f59467ce090d2c |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-015f59467ce090d2c is not internet facing with an instance profile. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0eabd350f88ce5124 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0eabd350f88ce5124 at IP 13.127.148.48 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-05f0f6f96eb4fd86d |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-05f0f6f96eb4fd86d is not internet facing with an instance profile. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0e512cb262096ac31 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0e512cb262096ac31 at IP 3.6.34.160 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/Windows_troubleshoot. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-02908a5ca4dede651 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-02908a5ca4dede651 at IP 15.206.129.110 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-066bd8233c2efdfd0 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-066bd8233c2efdfd0 at IP 3.6.218.172 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-099e4408cbeebdcdb |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-099e4408cbeebdcdb at IP 65.1.202.96 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-08543e56cbaf9f19c |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-08543e56cbaf9f19c at IP 65.2.28.105 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0e5a35628e55bb883 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0e5a35628e55bb883 at IP 3.108.178.28 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-03da29580a1fb3734 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-03da29580a1fb3734 at IP 65.1.189.126 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0e0a4b4b40c2a9790 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0e0a4b4b40c2a9790 is not internet facing with an instance profile. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-06f38a8732b98d2e2 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-06f38a8732b98d2e2 at IP 3.6.49.75 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-071332494378f82ae |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-071332494378f82ae at IP 65.2.108.162 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-05bad25824ebfdb4d |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-05bad25824ebfdb4d at IP 13.235.34.5 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-04b87cb1bc8e2eb3b |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-04b87cb1bc8e2eb3b at IP 3.111.193.196 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0c069862db55fbeda |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0c069862db55fbeda at IP 15.206.24.152 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0a34a15758fbb8d1f |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0a34a15758fbb8d1f at IP 13.126.195.229 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-00ec225c2a12b853b |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-00ec225c2a12b853b at IP 13.234.241.114 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-03171ba2fce1dbd0d |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-03171ba2fce1dbd0d is not internet facing with an instance profile. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0d64065cb0e6f682f |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0d64065cb0e6f682f at IP 15.206.67.217 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/poc-DR-ec2-s3. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-037ea098c391480a9 |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-037ea098c391480a9 at IP 3.111.112.116 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for internet facing EC2 instances with Instance Profiles attached. |
i-0790f4edec81af4fa |
Check for internet facing EC2 instances with Instance Profiles attached. |
ec2_instance_internet_facing_with_instance_profile |
EC2 Instance i-0790f4edec81af4fa is not internet facing with an instance profile. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-015f59467ce090d2c |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-015f59467ce090d2c is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0eabd350f88ce5124 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0eabd350f88ce5124 is managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-05f0f6f96eb4fd86d |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-05f0f6f96eb4fd86d is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0e512cb262096ac31 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0e512cb262096ac31 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-02908a5ca4dede651 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-02908a5ca4dede651 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-066bd8233c2efdfd0 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-066bd8233c2efdfd0 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-099e4408cbeebdcdb |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-099e4408cbeebdcdb is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-08543e56cbaf9f19c |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-08543e56cbaf9f19c is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0e5a35628e55bb883 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0e5a35628e55bb883 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-03da29580a1fb3734 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-03da29580a1fb3734 is managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0e0a4b4b40c2a9790 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0e0a4b4b40c2a9790 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-06f38a8732b98d2e2 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-06f38a8732b98d2e2 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-071332494378f82ae |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-071332494378f82ae is managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-05bad25824ebfdb4d |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-05bad25824ebfdb4d is managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-04b87cb1bc8e2eb3b |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-04b87cb1bc8e2eb3b is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0c069862db55fbeda |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0c069862db55fbeda is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0a34a15758fbb8d1f |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0a34a15758fbb8d1f is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-00ec225c2a12b853b |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-00ec225c2a12b853b is managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-03171ba2fce1dbd0d |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-03171ba2fce1dbd0d is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0d64065cb0e6f682f |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0d64065cb0e6f682f is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-037ea098c391480a9 |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-037ea098c391480a9 is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check if EC2 instances are managed by Systems Manager. |
i-0790f4edec81af4fa |
Check if EC2 instances are managed by Systems Manager. |
ec2_instance_managed_by_ssm |
EC2 Instance i-0790f4edec81af4fa is not managed by Systems Manager. |
AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. |
Verify and apply Systems Manager Prerequisites. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-015f59467ce090d2c |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-015f59467ce090d2c is not older than 180 days (14 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0eabd350f88ce5124 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0eabd350f88ce5124 is not older than 180 days (37 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-05f0f6f96eb4fd86d |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-05f0f6f96eb4fd86d is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0e512cb262096ac31 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0e512cb262096ac31 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-02908a5ca4dede651 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-02908a5ca4dede651 is not older than 180 days (36 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-066bd8233c2efdfd0 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-066bd8233c2efdfd0 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-099e4408cbeebdcdb |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-099e4408cbeebdcdb is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-08543e56cbaf9f19c |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-08543e56cbaf9f19c is not older than 180 days (6 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0e5a35628e55bb883 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0e5a35628e55bb883 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-03da29580a1fb3734 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-03da29580a1fb3734 is not older than 180 days (46 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0e0a4b4b40c2a9790 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0e0a4b4b40c2a9790 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-06f38a8732b98d2e2 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-06f38a8732b98d2e2 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-071332494378f82ae |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-071332494378f82ae is not older than 180 days (46 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-05bad25824ebfdb4d |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-05bad25824ebfdb4d is not older than 180 days (13 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-04b87cb1bc8e2eb3b |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-04b87cb1bc8e2eb3b is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0c069862db55fbeda |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0c069862db55fbeda is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0a34a15758fbb8d1f |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0a34a15758fbb8d1f is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-00ec225c2a12b853b |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-00ec225c2a12b853b is not older than 180 days (23 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-03171ba2fce1dbd0d |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-03171ba2fce1dbd0d is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0d64065cb0e6f682f |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0d64065cb0e6f682f is not older than 180 days (3 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-037ea098c391480a9 |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-037ea098c391480a9 is not running. |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check EC2 Instances older than specific days. |
i-0790f4edec81af4fa |
Check EC2 Instances older than specific days. |
ec2_instance_older_than_specific_days |
EC2 Instance i-0790f4edec81af4fa is not older than 180 days (13 days). |
Having old instances within your AWS account could increase the risk of having vulnerable software. |
Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-015f59467ce090d2c |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-015f59467ce090d2c not associated with an Instance Profile Role. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0eabd350f88ce5124 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0eabd350f88ce5124 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-05f0f6f96eb4fd86d |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-05f0f6f96eb4fd86d not associated with an Instance Profile Role. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0e512cb262096ac31 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0e512cb262096ac31 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/Windows_troubleshoot. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-02908a5ca4dede651 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-02908a5ca4dede651 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-066bd8233c2efdfd0 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-066bd8233c2efdfd0 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-099e4408cbeebdcdb |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-099e4408cbeebdcdb associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-08543e56cbaf9f19c |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-08543e56cbaf9f19c associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0e5a35628e55bb883 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0e5a35628e55bb883 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-03da29580a1fb3734 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-03da29580a1fb3734 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0e0a4b4b40c2a9790 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0e0a4b4b40c2a9790 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-06f38a8732b98d2e2 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-06f38a8732b98d2e2 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-071332494378f82ae |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-071332494378f82ae associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-05bad25824ebfdb4d |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-05bad25824ebfdb4d associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-04b87cb1bc8e2eb3b |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-04b87cb1bc8e2eb3b associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0c069862db55fbeda |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0c069862db55fbeda associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0a34a15758fbb8d1f |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0a34a15758fbb8d1f associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-00ec225c2a12b853b |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-00ec225c2a12b853b associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-03171ba2fce1dbd0d |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-03171ba2fce1dbd0d not associated with an Instance Profile Role. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0d64065cb0e6f682f |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0d64065cb0e6f682f associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/poc-DR-ec2-s3. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-037ea098c391480a9 |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-037ea098c391480a9 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Ensure IAM instance roles are used for AWS resource access from instances |
i-0790f4edec81af4fa |
Ensure IAM instance roles are used for AWS resource access from instances. |
ec2_instance_profile_attached |
EC2 Instance i-0790f4edec81af4fa not associated with an Instance Profile Role. |
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account. |
Create an IAM instance role if necessary and attach it to the corresponding EC2 instance.. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-015f59467ce090d2c |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-015f59467ce090d2c has a Public IP: 65.0.148.77 (). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0eabd350f88ce5124 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0eabd350f88ce5124 has a Public IP: 13.127.148.48 (ec2-13-127-148-48.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-05f0f6f96eb4fd86d |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-05f0f6f96eb4fd86d has not a Public IP. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0e512cb262096ac31 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0e512cb262096ac31 has a Public IP: 3.6.34.160 (ec2-3-6-34-160.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-02908a5ca4dede651 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-02908a5ca4dede651 has a Public IP: 15.206.129.110 (ec2-15-206-129-110.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-066bd8233c2efdfd0 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-066bd8233c2efdfd0 has a Public IP: 3.6.218.172 (ec2-3-6-218-172.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-099e4408cbeebdcdb |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-099e4408cbeebdcdb has a Public IP: 65.1.202.96 (ec2-65-1-202-96.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-08543e56cbaf9f19c |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-08543e56cbaf9f19c has a Public IP: 65.2.28.105 (ec2-65-2-28-105.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0e5a35628e55bb883 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0e5a35628e55bb883 has a Public IP: 3.108.178.28 (ec2-3-108-178-28.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-03da29580a1fb3734 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-03da29580a1fb3734 has a Public IP: 65.1.189.126 (ec2-65-1-189-126.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0e0a4b4b40c2a9790 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0e0a4b4b40c2a9790 has not a Public IP. |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-06f38a8732b98d2e2 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-06f38a8732b98d2e2 has a Public IP: 3.6.49.75 (ec2-3-6-49-75.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-071332494378f82ae |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-071332494378f82ae has a Public IP: 65.2.108.162 (). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-05bad25824ebfdb4d |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-05bad25824ebfdb4d has a Public IP: 13.235.34.5 (). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-04b87cb1bc8e2eb3b |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-04b87cb1bc8e2eb3b has a Public IP: 3.111.193.196 (ec2-3-111-193-196.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0c069862db55fbeda |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0c069862db55fbeda has a Public IP: 15.206.24.152 (ec2-15-206-24-152.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0a34a15758fbb8d1f |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0a34a15758fbb8d1f has a Public IP: 13.126.195.229 (ec2-13-126-195-229.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-00ec225c2a12b853b |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-00ec225c2a12b853b has a Public IP: 13.234.241.114 (ec2-13-234-241-114.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-03171ba2fce1dbd0d |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-03171ba2fce1dbd0d has a Public IP: 15.206.191.199 (ec2-15-206-191-199.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0d64065cb0e6f682f |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0d64065cb0e6f682f has a Public IP: 15.206.67.217 (ec2-15-206-67-217.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-037ea098c391480a9 |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-037ea098c391480a9 has a Public IP: 3.111.112.116 (ec2-3-111-112-116.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Check for EC2 Instances with Public IP. |
i-0790f4edec81af4fa |
Check for EC2 Instances with Public IP. |
ec2_instance_public_ip |
EC2 Instance i-0790f4edec81af4fa has a Public IP: 13.232.150.131 (ec2-13-232-150-131.ap-south-1.compute.amazonaws.com). |
Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise. |
Use an ALB and apply WAF ACL. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-015f59467ce090d2c |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-015f59467ce090d2c since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0eabd350f88ce5124 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0eabd350f88ce5124 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-05f0f6f96eb4fd86d |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-05f0f6f96eb4fd86d since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0e512cb262096ac31 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0e512cb262096ac31 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-02908a5ca4dede651 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-02908a5ca4dede651 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-066bd8233c2efdfd0 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-066bd8233c2efdfd0 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-099e4408cbeebdcdb |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-099e4408cbeebdcdb since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-08543e56cbaf9f19c |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-08543e56cbaf9f19c since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0e5a35628e55bb883 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0e5a35628e55bb883 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-03da29580a1fb3734 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-03da29580a1fb3734 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0e0a4b4b40c2a9790 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0e0a4b4b40c2a9790 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-06f38a8732b98d2e2 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-06f38a8732b98d2e2 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-071332494378f82ae |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-071332494378f82ae since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-05bad25824ebfdb4d |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-05bad25824ebfdb4d since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-04b87cb1bc8e2eb3b |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-04b87cb1bc8e2eb3b since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0c069862db55fbeda |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0c069862db55fbeda since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0a34a15758fbb8d1f |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0a34a15758fbb8d1f since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-00ec225c2a12b853b |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-00ec225c2a12b853b since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-03171ba2fce1dbd0d |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-03171ba2fce1dbd0d since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0d64065cb0e6f682f |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0d64065cb0e6f682f since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-037ea098c391480a9 |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-037ea098c391480a9 since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| PASS |
critical |
ec2 |
ap-south-1 |
Find secrets in EC2 User Data. |
i-0790f4edec81af4fa |
Find secrets in EC2 User Data. |
ec2_instance_secrets_user_data |
No secrets found in EC2 instance i-0790f4edec81af4fa since User Data is empty. |
Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services. |
Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets. |
|
| FAIL |
high |
ec2 |
ap-northeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-3ee94058 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-3ee94058 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-7b43c610 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-7b43c610 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-00780669 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-00780669 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-059cbe81d2548d6de |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-059cbe81d2548d6de has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-07e78237304a6d367 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-07e78237304a6d367 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0c34a3347ef305308 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0c34a3347ef305308 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0aa54221e7c479387 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0aa54221e7c479387 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0551e0d858a4766b5 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0551e0d858a4766b5 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0c252885aca7df663 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0c252885aca7df663 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-4a846821 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-4a846821 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-99e152ff |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-99e152ff has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-8e914ae8 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-8e914ae8 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-central-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0d77fd67 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0d77fd67 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-north-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-05aa7d6c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-05aa7d6c has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-34f9654d |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-34f9654d has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-8fecbfe7 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-8fecbfe7 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-1562757c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-1562757c has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
sa-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-816558e6 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-816558e6 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-0fc5b600deaa124fe |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-0fc5b600deaa124fe has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-07fd797a |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-07fd797a has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-f7c6639c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-f7c6639c has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-51b11937 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-51b11937 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
acl-48a84533 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. |
ec2_networkacl_allow_ingress_any_port |
Network ACL acl-48a84533 has every port open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-3ee94058 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-3ee94058 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-7b43c610 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-7b43c610 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-00780669 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-00780669 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-059cbe81d2548d6de |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-059cbe81d2548d6de has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-07e78237304a6d367 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-07e78237304a6d367 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0c34a3347ef305308 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0c34a3347ef305308 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0aa54221e7c479387 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0aa54221e7c479387 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0551e0d858a4766b5 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0551e0d858a4766b5 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0c252885aca7df663 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0c252885aca7df663 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-4a846821 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-4a846821 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-99e152ff |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-99e152ff has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-8e914ae8 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-8e914ae8 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-central-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0d77fd67 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0d77fd67 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-north-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-05aa7d6c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-05aa7d6c has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-34f9654d |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-34f9654d has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-8fecbfe7 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-8fecbfe7 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-1562757c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-1562757c has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
sa-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-816558e6 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-816558e6 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-0fc5b600deaa124fe |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-0fc5b600deaa124fe has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-07fd797a |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-07fd797a has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-f7c6639c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-f7c6639c has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-51b11937 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-51b11937 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
acl-48a84533 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 |
ec2_networkacl_allow_ingress_tcp_port_22 |
Network ACL acl-48a84533 has SSH port 22 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-3ee94058 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-3ee94058 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-7b43c610 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-7b43c610 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-northeast-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-00780669 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-00780669 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-059cbe81d2548d6de |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-059cbe81d2548d6de has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-07e78237304a6d367 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-07e78237304a6d367 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0c34a3347ef305308 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0c34a3347ef305308 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0aa54221e7c479387 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0aa54221e7c479387 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0551e0d858a4766b5 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0551e0d858a4766b5 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0c252885aca7df663 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0c252885aca7df663 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-4a846821 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-4a846821 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-99e152ff |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-99e152ff has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-southeast-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-8e914ae8 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-8e914ae8 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-central-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0d77fd67 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0d77fd67 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-north-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-05aa7d6c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-05aa7d6c has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-34f9654d |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-34f9654d has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-8fecbfe7 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-8fecbfe7 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
eu-west-3 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-1562757c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-1562757c has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
sa-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-816558e6 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-816558e6 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-0fc5b600deaa124fe |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-0fc5b600deaa124fe has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-07fd797a |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-07fd797a has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-f7c6639c |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-f7c6639c has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-51b11937 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-51b11937 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
acl-48a84533 |
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 |
ec2_networkacl_allow_ingress_tcp_port_3389 |
Network ACL acl-48a84533 has Microsoft RDP port 3389 open to the Internet. |
Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-a7a8a2d7) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-0781bb66) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-3bd72a56) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-051bc89f00d84ba5d) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FLTITLE (sg-014e8daa4cc040ec3) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group newexample (sg-07032cce3a92d339c) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group xenia (sg-031e19902e2a5afdf) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Production_instance (sg-0ced3f254ff2e2449) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-091c740915160e014) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-16c91a78) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-05eb10b1b7df8b201) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Scan (sg-094663576a916beb5) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group newdemo (sg-0cc85defb9824bf46) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group fugo office network (sg-05621c06837212db5) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Workspace (sg-08b7370c7d1c12ab6) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group RDP_NEW (sg-0b519b5e6321a2762) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-0b6ae40bc40a05870) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-1 (sg-04819898c1b060625) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group windows (sg-03cd1691502cec67e) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-055f2fcdabec8a369) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group test (sg-04025f2ff76e7bd88) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group PMS-app-server (sg-0c2892864e591824e) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group fugoservices-web (sg-0d900345b2583fc49) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-0a7e5947d6d3ab692) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group wazuh (sg-000e6b51a965ce764) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group BASION host (sg-04edb80657ca25b45) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-AD (sg-01063b292cec3ec8c) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-c9844db7) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-b52739cb) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-6cab7d09) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-c92874a2) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-31d72b79) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-4b2ddf2a) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-7aaf9417) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-f82f8285) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-050d9187f381d2f0b) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-7a00c82f) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group Test Instance (sg-0d3dc664f916e5beb) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-b78824d2) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-d876d4a6) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. |
ec2_securitygroup_allow_ingress_from_internet_to_any_port |
Security group default (sg-e0eef6a5) has not all ports open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-a7a8a2d7) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-0781bb66) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-3bd72a56) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-051bc89f00d84ba5d) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group newexample (sg-07032cce3a92d339c) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group xenia (sg-031e19902e2a5afdf) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-091c740915160e014) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-16c91a78) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-05eb10b1b7df8b201) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Scan (sg-094663576a916beb5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group newdemo (sg-0cc85defb9824bf46) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group fugo office network (sg-05621c06837212db5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Workspace (sg-08b7370c7d1c12ab6) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-0b6ae40bc40a05870) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group windows (sg-03cd1691502cec67e) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-055f2fcdabec8a369) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group test (sg-04025f2ff76e7bd88) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group PMS-app-server (sg-0c2892864e591824e) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-0a7e5947d6d3ab692) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group wazuh (sg-000e6b51a965ce764) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group BASION host (sg-04edb80657ca25b45) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-c9844db7) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-b52739cb) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-6cab7d09) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-c92874a2) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-31d72b79) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-4b2ddf2a) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-7aaf9417) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-f82f8285) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-050d9187f381d2f0b) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-7a00c82f) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-b78824d2) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-d876d4a6) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. |
ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 |
Security group default (sg-e0eef6a5) has not MongoDB ports 27017 and 27018 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-a7a8a2d7) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-0781bb66) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-3bd72a56) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-051bc89f00d84ba5d) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group newexample (sg-07032cce3a92d339c) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group xenia (sg-031e19902e2a5afdf) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-091c740915160e014) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-16c91a78) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-05eb10b1b7df8b201) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Scan (sg-094663576a916beb5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group newdemo (sg-0cc85defb9824bf46) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group fugo office network (sg-05621c06837212db5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Workspace (sg-08b7370c7d1c12ab6) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-0b6ae40bc40a05870) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group windows (sg-03cd1691502cec67e) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-055f2fcdabec8a369) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group test (sg-04025f2ff76e7bd88) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group PMS-app-server (sg-0c2892864e591824e) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-0a7e5947d6d3ab692) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group wazuh (sg-000e6b51a965ce764) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group BASION host (sg-04edb80657ca25b45) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-c9844db7) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-b52739cb) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-6cab7d09) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-c92874a2) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-31d72b79) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-4b2ddf2a) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-7aaf9417) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-f82f8285) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-050d9187f381d2f0b) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-7a00c82f) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-b78824d2) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-d876d4a6) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 |
Security group default (sg-e0eef6a5) has not FTP ports 20 and 21 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-a7a8a2d7) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-0781bb66) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-3bd72a56) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-051bc89f00d84ba5d) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group newexample (sg-07032cce3a92d339c) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group xenia (sg-031e19902e2a5afdf) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-091c740915160e014) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-16c91a78) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-05eb10b1b7df8b201) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Scan (sg-094663576a916beb5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group newdemo (sg-0cc85defb9824bf46) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group fugo office network (sg-05621c06837212db5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Workspace (sg-08b7370c7d1c12ab6) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-0b6ae40bc40a05870) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group windows (sg-03cd1691502cec67e) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-055f2fcdabec8a369) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group test (sg-04025f2ff76e7bd88) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group PMS-app-server (sg-0c2892864e591824e) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-0a7e5947d6d3ab692) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group wazuh (sg-000e6b51a965ce764) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group BASION host (sg-04edb80657ca25b45) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-c9844db7) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-b52739cb) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-6cab7d09) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-c92874a2) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-31d72b79) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-4b2ddf2a) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-7aaf9417) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-f82f8285) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-050d9187f381d2f0b) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-7a00c82f) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-b78824d2) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-d876d4a6) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 |
Security group default (sg-e0eef6a5) has not SSH port 22 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-a7a8a2d7) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-0781bb66) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-3bd72a56) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-051bc89f00d84ba5d) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group newexample (sg-07032cce3a92d339c) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group xenia (sg-031e19902e2a5afdf) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-091c740915160e014) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-16c91a78) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-05eb10b1b7df8b201) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Scan (sg-094663576a916beb5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group newdemo (sg-0cc85defb9824bf46) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group fugo office network (sg-05621c06837212db5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-0b6ae40bc40a05870) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-1 (sg-04819898c1b060625) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group windows (sg-03cd1691502cec67e) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-055f2fcdabec8a369) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group test (sg-04025f2ff76e7bd88) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-0a7e5947d6d3ab692) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group wazuh (sg-000e6b51a965ce764) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group BASION host (sg-04edb80657ca25b45) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-c9844db7) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-b52739cb) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-6cab7d09) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-c92874a2) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-31d72b79) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-4b2ddf2a) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-7aaf9417) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-f82f8285) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-050d9187f381d2f0b) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-7a00c82f) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-b78824d2) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-d876d4a6) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 |
Security group default (sg-e0eef6a5) has not Microsoft RDP port 3389 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-a7a8a2d7) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-0781bb66) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-3bd72a56) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-051bc89f00d84ba5d) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group newexample (sg-07032cce3a92d339c) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group xenia (sg-031e19902e2a5afdf) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-091c740915160e014) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-16c91a78) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-05eb10b1b7df8b201) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Scan (sg-094663576a916beb5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group newdemo (sg-0cc85defb9824bf46) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group fugo office network (sg-05621c06837212db5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-0b6ae40bc40a05870) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group windows (sg-03cd1691502cec67e) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-055f2fcdabec8a369) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group test (sg-04025f2ff76e7bd88) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-0a7e5947d6d3ab692) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group wazuh (sg-000e6b51a965ce764) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group BASION host (sg-04edb80657ca25b45) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-c9844db7) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-b52739cb) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-6cab7d09) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-c92874a2) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-31d72b79) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-4b2ddf2a) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-7aaf9417) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-f82f8285) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-050d9187f381d2f0b) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-7a00c82f) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-b78824d2) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-d876d4a6) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 |
Security group default (sg-e0eef6a5) has not Casandra ports 7199, 8888 and 9160 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-a7a8a2d7) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-0781bb66) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-3bd72a56) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-051bc89f00d84ba5d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group newexample (sg-07032cce3a92d339c) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group xenia (sg-031e19902e2a5afdf) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-091c740915160e014) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-16c91a78) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-05eb10b1b7df8b201) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Scan (sg-094663576a916beb5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group newdemo (sg-0cc85defb9824bf46) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group fugo office network (sg-05621c06837212db5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-0b6ae40bc40a05870) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group windows (sg-03cd1691502cec67e) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-055f2fcdabec8a369) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group test (sg-04025f2ff76e7bd88) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-0a7e5947d6d3ab692) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group wazuh (sg-000e6b51a965ce764) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group BASION host (sg-04edb80657ca25b45) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-c9844db7) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-b52739cb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-6cab7d09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-c92874a2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-31d72b79) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-4b2ddf2a) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-7aaf9417) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-f82f8285) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-050d9187f381d2f0b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-7a00c82f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-b78824d2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-d876d4a6) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 |
Security group default (sg-e0eef6a5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-a7a8a2d7) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-0781bb66) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-3bd72a56) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-051bc89f00d84ba5d) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group newexample (sg-07032cce3a92d339c) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group xenia (sg-031e19902e2a5afdf) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-091c740915160e014) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-16c91a78) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-05eb10b1b7df8b201) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Scan (sg-094663576a916beb5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group newdemo (sg-0cc85defb9824bf46) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group fugo office network (sg-05621c06837212db5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-0b6ae40bc40a05870) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group windows (sg-03cd1691502cec67e) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-055f2fcdabec8a369) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group test (sg-04025f2ff76e7bd88) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-0a7e5947d6d3ab692) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group wazuh (sg-000e6b51a965ce764) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group BASION host (sg-04edb80657ca25b45) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-c9844db7) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-b52739cb) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-6cab7d09) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-c92874a2) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-31d72b79) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-4b2ddf2a) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-7aaf9417) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-f82f8285) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-050d9187f381d2f0b) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-7a00c82f) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-b78824d2) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-d876d4a6) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 |
Security group default (sg-e0eef6a5) has not Kafka port 9092 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-a7a8a2d7) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-0781bb66) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-3bd72a56) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-051bc89f00d84ba5d) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group newexample (sg-07032cce3a92d339c) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group xenia (sg-031e19902e2a5afdf) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-091c740915160e014) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-16c91a78) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-05eb10b1b7df8b201) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Scan (sg-094663576a916beb5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group newdemo (sg-0cc85defb9824bf46) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group fugo office network (sg-05621c06837212db5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-0b6ae40bc40a05870) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group windows (sg-03cd1691502cec67e) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-055f2fcdabec8a369) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group test (sg-04025f2ff76e7bd88) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-0a7e5947d6d3ab692) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group wazuh (sg-000e6b51a965ce764) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group BASION host (sg-04edb80657ca25b45) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-c9844db7) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-b52739cb) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-6cab7d09) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-c92874a2) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-31d72b79) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-4b2ddf2a) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-7aaf9417) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-f82f8285) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-050d9187f381d2f0b) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-7a00c82f) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-b78824d2) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-d876d4a6) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 |
Security group default (sg-e0eef6a5) has not Memcached port 11211 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-a7a8a2d7) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-0781bb66) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-3bd72a56) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-051bc89f00d84ba5d) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group newexample (sg-07032cce3a92d339c) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group xenia (sg-031e19902e2a5afdf) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-091c740915160e014) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-16c91a78) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-05eb10b1b7df8b201) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Scan (sg-094663576a916beb5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group newdemo (sg-0cc85defb9824bf46) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group fugo office network (sg-05621c06837212db5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Workspace (sg-08b7370c7d1c12ab6) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-0b6ae40bc40a05870) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group windows (sg-03cd1691502cec67e) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-055f2fcdabec8a369) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group test (sg-04025f2ff76e7bd88) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group PMS-app-server (sg-0c2892864e591824e) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-0a7e5947d6d3ab692) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group wazuh (sg-000e6b51a965ce764) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group BASION host (sg-04edb80657ca25b45) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-c9844db7) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-b52739cb) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-6cab7d09) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-c92874a2) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-31d72b79) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-4b2ddf2a) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-7aaf9417) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-f82f8285) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-050d9187f381d2f0b) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-7a00c82f) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-b78824d2) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-d876d4a6) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 |
Security group default (sg-e0eef6a5) has not MySQL port 3306 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-a7a8a2d7) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-0781bb66) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-3bd72a56) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-051bc89f00d84ba5d) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group newexample (sg-07032cce3a92d339c) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group xenia (sg-031e19902e2a5afdf) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-091c740915160e014) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-16c91a78) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-05eb10b1b7df8b201) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Scan (sg-094663576a916beb5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group newdemo (sg-0cc85defb9824bf46) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group fugo office network (sg-05621c06837212db5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-0b6ae40bc40a05870) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group windows (sg-03cd1691502cec67e) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-055f2fcdabec8a369) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group test (sg-04025f2ff76e7bd88) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-0a7e5947d6d3ab692) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group wazuh (sg-000e6b51a965ce764) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group BASION host (sg-04edb80657ca25b45) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-c9844db7) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-b52739cb) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-6cab7d09) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-c92874a2) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-31d72b79) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-4b2ddf2a) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-7aaf9417) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-f82f8285) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-050d9187f381d2f0b) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-7a00c82f) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-b78824d2) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-d876d4a6) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 |
Security group default (sg-e0eef6a5) has not Oracle ports 1521 and 2483 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-a7a8a2d7) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-0781bb66) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-3bd72a56) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-051bc89f00d84ba5d) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group newexample (sg-07032cce3a92d339c) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group xenia (sg-031e19902e2a5afdf) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-091c740915160e014) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-16c91a78) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-05eb10b1b7df8b201) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Scan (sg-094663576a916beb5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group newdemo (sg-0cc85defb9824bf46) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group fugo office network (sg-05621c06837212db5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-0b6ae40bc40a05870) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group windows (sg-03cd1691502cec67e) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-055f2fcdabec8a369) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group test (sg-04025f2ff76e7bd88) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-0a7e5947d6d3ab692) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group wazuh (sg-000e6b51a965ce764) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group BASION host (sg-04edb80657ca25b45) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-c9844db7) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-b52739cb) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-6cab7d09) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-c92874a2) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-31d72b79) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-4b2ddf2a) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-7aaf9417) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-f82f8285) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-050d9187f381d2f0b) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-7a00c82f) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-b78824d2) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-d876d4a6) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 |
Security group default (sg-e0eef6a5) has not Postgres port 5432 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-a7a8a2d7) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-0781bb66) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-3bd72a56) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-051bc89f00d84ba5d) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group newexample (sg-07032cce3a92d339c) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group xenia (sg-031e19902e2a5afdf) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-091c740915160e014) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-16c91a78) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-05eb10b1b7df8b201) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Scan (sg-094663576a916beb5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group newdemo (sg-0cc85defb9824bf46) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group fugo office network (sg-05621c06837212db5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-0b6ae40bc40a05870) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group windows (sg-03cd1691502cec67e) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-055f2fcdabec8a369) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group test (sg-04025f2ff76e7bd88) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-0a7e5947d6d3ab692) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group wazuh (sg-000e6b51a965ce764) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group BASION host (sg-04edb80657ca25b45) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-c9844db7) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-b52739cb) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-6cab7d09) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-c92874a2) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-31d72b79) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-4b2ddf2a) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-7aaf9417) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-f82f8285) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-050d9187f381d2f0b) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-7a00c82f) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-b78824d2) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-d876d4a6) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 |
Security group default (sg-e0eef6a5) has not Redis port 6379 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-a7a8a2d7) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-0781bb66) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-3bd72a56) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-051bc89f00d84ba5d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group newexample (sg-07032cce3a92d339c) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group xenia (sg-031e19902e2a5afdf) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-091c740915160e014) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-16c91a78) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-05eb10b1b7df8b201) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Scan (sg-094663576a916beb5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group newdemo (sg-0cc85defb9824bf46) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group fugo office network (sg-05621c06837212db5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-0b6ae40bc40a05870) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group windows (sg-03cd1691502cec67e) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-055f2fcdabec8a369) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group test (sg-04025f2ff76e7bd88) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-0a7e5947d6d3ab692) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group wazuh (sg-000e6b51a965ce764) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group BASION host (sg-04edb80657ca25b45) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-c9844db7) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-b52739cb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-6cab7d09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-c92874a2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-31d72b79) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-4b2ddf2a) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-7aaf9417) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-f82f8285) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-050d9187f381d2f0b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-7a00c82f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-b78824d2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-d876d4a6) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 |
Security group default (sg-e0eef6a5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-a7a8a2d7) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-0781bb66) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-3bd72a56) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-051bc89f00d84ba5d) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group newexample (sg-07032cce3a92d339c) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group xenia (sg-031e19902e2a5afdf) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Production_instance (sg-0ced3f254ff2e2449) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-091c740915160e014) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-16c91a78) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-05eb10b1b7df8b201) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Scan (sg-094663576a916beb5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group newdemo (sg-0cc85defb9824bf46) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group fugo office network (sg-05621c06837212db5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Workspace (sg-08b7370c7d1c12ab6) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-0b6ae40bc40a05870) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-1 (sg-04819898c1b060625) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group windows (sg-03cd1691502cec67e) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-055f2fcdabec8a369) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group test (sg-04025f2ff76e7bd88) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group PMS-app-server (sg-0c2892864e591824e) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group fugoservices-web (sg-0d900345b2583fc49) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-0a7e5947d6d3ab692) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group wazuh (sg-000e6b51a965ce764) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group BASION host (sg-04edb80657ca25b45) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-c9844db7) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-b52739cb) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-6cab7d09) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-c92874a2) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-31d72b79) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-4b2ddf2a) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-7aaf9417) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-f82f8285) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-050d9187f381d2f0b) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-7a00c82f) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group Test Instance (sg-0d3dc664f916e5beb) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-b78824d2) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-d876d4a6) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. |
ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 |
Security group default (sg-e0eef6a5) has not Telnet port 23 open to the Internet. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-a7a8a2d7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-a7a8a2d7) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0781bb66 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-0781bb66) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-3bd72a56 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-3bd72a56) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-051bc89f00d84ba5d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-051bc89f00d84ba5d) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-014e8daa4cc040ec3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FLTITLE (sg-014e8daa4cc040ec3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05c4e006af9e88dce |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-090b4a2a1c5868d3f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-00d80536c6f581309 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06bd3c482cfc57740 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cef5febe99cb6c57 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e3c03071ed78ed08 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07032cce3a92d339c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group newexample (sg-07032cce3a92d339c) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03e9695ce5a0004e3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01ce2418c7b289616 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-048665d6d0c5ddade |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-031e19902e2a5afdf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group xenia (sg-031e19902e2a5afdf) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-09fe68ed6b5fb3364 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07fe7a4a585a27114 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d37f630587326b7e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-026aafec6fadbd8c1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07a7e54c93da1b0bb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0aeb794463e80d4fb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a229ea3e85856a09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-008d5e1c2f6c94baa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07cb54f5346101b04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08d49b3fee5eae78f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ced3f254ff2e2449 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Production_instance (sg-0ced3f254ff2e2449) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0af3d8b5b8bc880fa |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a9daa8c4e10538d0 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0772c4ae4f2152412 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-091c740915160e014 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-091c740915160e014) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cda5846e51d75406 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04b71d8fe6f61ac09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08a830f3818df22d8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-09fc17deef2200543 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-3 (sg-09fc17deef2200543) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0474afad1cede51c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-16c91a78 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-16c91a78) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03dda95217bd722cf |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b36e9776f84be1b8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0bd7e423fac41eca5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05eb10b1b7df8b201 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-05eb10b1b7df8b201) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-094663576a916beb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Scan (sg-094663576a916beb5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cf58d958641ae531 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FLTITLE-db (sg-0cf58d958641ae531) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07ca5965527721e2b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04ffc3255e82b26a3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group test.fugoone (sg-04ffc3255e82b26a3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cc85defb9824bf46 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group newdemo (sg-0cc85defb9824bf46) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a5358451ab8eb31f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05621c06837212db5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group fugo office network (sg-05621c06837212db5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08b7370c7d1c12ab6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Workspace (sg-08b7370c7d1c12ab6) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b6c9695323ec455c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d60b8f6ae7a1dc83 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b519b5e6321a2762 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group RDP_NEW (sg-0b519b5e6321a2762) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b6ae40bc40a05870 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-0b6ae40bc40a05870) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-07134278bb62c54e5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04819898c1b060625 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-1 (sg-04819898c1b060625) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04e2e7f5507ea7337 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-05f377a970051f352 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e4aa2f9d569fca18 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03cd1691502cec67e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group windows (sg-03cd1691502cec67e) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0cae57cb9099fc6de |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0dccfce9d4a0c9e60 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b491bea1db5b5666 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ee48f91f8164b5d9 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0209ccd9248b69ece |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-055f2fcdabec8a369 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-055f2fcdabec8a369) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-076ae3302eae38eae |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04025f2ff76e7bd88 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group test (sg-04025f2ff76e7bd88) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0129ef8098ddb64c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0eadf6ec31f93bb8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0491433bb7e2de88d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0c2892864e591824e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group PMS-app-server (sg-0c2892864e591824e) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06c3a17fe51c9de61 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0fdf571c639c4ea8f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ac53cbf0ab180e84 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-054a81357c28e6fb5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d900345b2583fc49 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group fugoservices-web (sg-0d900345b2583fc49) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-039c5bcf6bdfe954d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a7e5947d6d3ab692 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-0a7e5947d6d3ab692) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-000e6b51a965ce764 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group wazuh (sg-000e6b51a965ce764) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-02aac871f20a48d69 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0299cd0cdfa6599bc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b5898998ef0f0040 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f1b0a1ae6ee72a6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0682fefbab8f20c19 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-03f8863db5b89f3cc |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0b599093e3e3c4c6e |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-007e9f3f5e6a7dda2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0937aff6d72c24a45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08121f893f2d89138 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-048bccd7d49e2c556 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0325f3fdbd7f4ae04 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f8abce01b2b398db |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f05243b7bf9d3257 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-04edb80657ca25b45 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group BASION host (sg-04edb80657ca25b45) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01ddee8f2302669c3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01d6b0b12ee726a22 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-01063b292cec3ec8c |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-AD (sg-01063b292cec3ec8c) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e1e536387953fb6b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-044d5380ff0b25acd |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0a2c2913bff2400c2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0532d1ee42b3f4636 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0f44652776af161f8 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0c2a1b648c8879fe5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-08c854f0f6d88954f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-031db14f807d2b614 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0ebcd60f472f0e59d |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-c9844db7 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-c9844db7) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-b52739cb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-b52739cb) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-6cab7d09 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-6cab7d09) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-c92874a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-c92874a2) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-31d72b79 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-31d72b79) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-4b2ddf2a |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-4b2ddf2a) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-7aaf9417 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-7aaf9417) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-f82f8285 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-f82f8285) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0236a454c87e868a2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-050d9187f381d2f0b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-050d9187f381d2f0b) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-7a00c82f |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-7a00c82f) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0bde47bb7dcbff977 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0d3dc664f916e5beb |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group Test Instance (sg-0d3dc664f916e5beb) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-00e8dbdcd832c0963 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-b78824d2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-b78824d2) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-06bcee4d6827a114b |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-d876d4a6 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-d876d4a6) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-0e76f8d7e9c5345df |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
sg-e0eef6a5 |
Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. |
ec2_securitygroup_allow_wide_open_public_ipv4 |
Security group default (sg-e0eef6a5) has no potential wide-open non-RFC1918 address. |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-a7a8a2d7 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-a7a8a2d7) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure the default security group of every VPC restricts all traffic. |
sg-0781bb66 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-0781bb66) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure the default security group of every VPC restricts all traffic. |
sg-3bd72a56 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-3bd72a56) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-051bc89f00d84ba5d |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-051bc89f00d84ba5d) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-091c740915160e014 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-091c740915160e014) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-16c91a78 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-16c91a78) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-05eb10b1b7df8b201 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-05eb10b1b7df8b201) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-0b6ae40bc40a05870 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-0b6ae40bc40a05870) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-055f2fcdabec8a369 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-055f2fcdabec8a369) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-0a7e5947d6d3ab692 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-0a7e5947d6d3ab692) is open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-c9844db7 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-c9844db7) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure the default security group of every VPC restricts all traffic. |
sg-b52739cb |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-b52739cb) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-6cab7d09 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-6cab7d09) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-c92874a2 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-c92874a2) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-31d72b79 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-31d72b79) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure the default security group of every VPC restricts all traffic. |
sg-4b2ddf2a |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-4b2ddf2a) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure the default security group of every VPC restricts all traffic. |
sg-7aaf9417 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-7aaf9417) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-f82f8285 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-f82f8285) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-050d9187f381d2f0b |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-050d9187f381d2f0b) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-7a00c82f |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-7a00c82f) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure the default security group of every VPC restricts all traffic. |
sg-b78824d2 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-b78824d2) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure the default security group of every VPC restricts all traffic. |
sg-d876d4a6 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-d876d4a6) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure the default security group of every VPC restricts all traffic. |
sg-e0eef6a5 |
Ensure the default security group of every VPC restricts all traffic. |
ec2_securitygroup_default_restrict_traffic |
Default Security Group (sg-e0eef6a5) is not open to the Internet. |
Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance. |
Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required. |
|
| PASS |
medium |
ec2 |
ap-northeast-1 |
Security Groups created by EC2 Launch Wizard. |
sg-a7a8a2d7 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-a7a8a2d7) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-northeast-2 |
Security Groups created by EC2 Launch Wizard. |
sg-0781bb66 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-0781bb66) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-northeast-3 |
Security Groups created by EC2 Launch Wizard. |
sg-3bd72a56 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-3bd72a56) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-051bc89f00d84ba5d |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-051bc89f00d84ba5d) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-014e8daa4cc040ec3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FLTITLE (sg-014e8daa4cc040ec3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-05c4e006af9e88dce |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group production_instance_24hr (sg-05c4e006af9e88dce) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-090b4a2a1c5868d3f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-00d80536c6f581309 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group poc-new-dr-SG (sg-00d80536c6f581309) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-06bd3c482cfc57740 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0cef5febe99cb6c57 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0e3c03071ed78ed08 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07032cce3a92d339c |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group newexample (sg-07032cce3a92d339c) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-03e9695ce5a0004e3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-01ce2418c7b289616 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-048665d6d0c5ddade |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-031e19902e2a5afdf |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group xenia (sg-031e19902e2a5afdf) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-09fe68ed6b5fb3364 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07fe7a4a585a27114 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0d37f630587326b7e |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-8 (sg-0d37f630587326b7e) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-026aafec6fadbd8c1 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07a7e54c93da1b0bb |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0aeb794463e80d4fb |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0a229ea3e85856a09 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group new-rdp-pub (sg-0a229ea3e85856a09) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-008d5e1c2f6c94baa |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07cb54f5346101b04 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-08d49b3fee5eae78f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0ced3f254ff2e2449 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Production_instance (sg-0ced3f254ff2e2449) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0af3d8b5b8bc880fa |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0a9daa8c4e10538d0 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0772c4ae4f2152412 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-091c740915160e014 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-091c740915160e014) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0cda5846e51d75406 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04b71d8fe6f61ac09 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-08a830f3818df22d8 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-09fc17deef2200543 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-3 (sg-09fc17deef2200543) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0474afad1cede51c3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-16c91a78 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-16c91a78) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-03dda95217bd722cf |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b36e9776f84be1b8 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0bd7e423fac41eca5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group snatpshot_test (sg-0bd7e423fac41eca5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-05eb10b1b7df8b201 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-05eb10b1b7df8b201) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-094663576a916beb5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Scan (sg-094663576a916beb5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0cf58d958641ae531 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FLTITLE-db (sg-0cf58d958641ae531) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07ca5965527721e2b |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group test.fugo.ELB (sg-07ca5965527721e2b) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04ffc3255e82b26a3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group test.fugoone (sg-04ffc3255e82b26a3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0cc85defb9824bf46 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group newdemo (sg-0cc85defb9824bf46) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0a5358451ab8eb31f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-05621c06837212db5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group fugo office network (sg-05621c06837212db5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-08b7370c7d1c12ab6 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Workspace (sg-08b7370c7d1c12ab6) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b6c9695323ec455c |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0d60b8f6ae7a1dc83 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b519b5e6321a2762 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group RDP_NEW (sg-0b519b5e6321a2762) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b6ae40bc40a05870 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-0b6ae40bc40a05870) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-07134278bb62c54e5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04819898c1b060625 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-1 (sg-04819898c1b060625) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04e2e7f5507ea7337 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-05f377a970051f352 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0e4aa2f9d569fca18 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-03cd1691502cec67e |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group windows (sg-03cd1691502cec67e) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0cae57cb9099fc6de |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0dccfce9d4a0c9e60 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b491bea1db5b5666 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0ee48f91f8164b5d9 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0209ccd9248b69ece |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-055f2fcdabec8a369 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-055f2fcdabec8a369) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-076ae3302eae38eae |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04025f2ff76e7bd88 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group test (sg-04025f2ff76e7bd88) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0129ef8098ddb64c3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group monitoring-sg (sg-0129ef8098ddb64c3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0eadf6ec31f93bb8f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0491433bb7e2de88d |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0c2892864e591824e |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group PMS-app-server (sg-0c2892864e591824e) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-06c3a17fe51c9de61 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0fdf571c639c4ea8f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0ac53cbf0ab180e84 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-054a81357c28e6fb5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0d900345b2583fc49 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group fugoservices-web (sg-0d900345b2583fc49) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-039c5bcf6bdfe954d |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0a7e5947d6d3ab692 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-0a7e5947d6d3ab692) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-000e6b51a965ce764 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group wazuh (sg-000e6b51a965ce764) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-02aac871f20a48d69 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0299cd0cdfa6599bc |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b5898998ef0f0040 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0f1b0a1ae6ee72a6e |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0682fefbab8f20c19 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-03f8863db5b89f3cc |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0b599093e3e3c4c6e |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-007e9f3f5e6a7dda2 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group knowfugo (sg-007e9f3f5e6a7dda2) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0937aff6d72c24a45 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-08121f893f2d89138 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-048bccd7d49e2c556 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0325f3fdbd7f4ae04 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0f8abce01b2b398db |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Audit-Bastion (sg-0f8abce01b2b398db) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0f05243b7bf9d3257 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-04edb80657ca25b45 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group BASION host (sg-04edb80657ca25b45) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-01ddee8f2302669c3 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group api.fugoone.com (sg-01ddee8f2302669c3) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-01d6b0b12ee726a22 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-01063b292cec3ec8c |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-AD (sg-01063b292cec3ec8c) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0e1e536387953fb6b |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group New_example_fugoone (sg-0e1e536387953fb6b) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-044d5380ff0b25acd |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0a2c2913bff2400c2 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0532d1ee42b3f4636 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0f44652776af161f8 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0c2a1b648c8879fe5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-08c854f0f6d88954f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-031db14f807d2b614 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-south-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0ebcd60f472f0e59d |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-southeast-1 |
Security Groups created by EC2 Launch Wizard. |
sg-c9844db7 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-c9844db7) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
ap-southeast-2 |
Security Groups created by EC2 Launch Wizard. |
sg-b52739cb |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-b52739cb) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
eu-central-1 |
Security Groups created by EC2 Launch Wizard. |
sg-6cab7d09 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-6cab7d09) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
eu-north-1 |
Security Groups created by EC2 Launch Wizard. |
sg-c92874a2 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-c92874a2) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
eu-west-1 |
Security Groups created by EC2 Launch Wizard. |
sg-31d72b79 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-31d72b79) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
eu-west-2 |
Security Groups created by EC2 Launch Wizard. |
sg-4b2ddf2a |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-4b2ddf2a) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
eu-west-3 |
Security Groups created by EC2 Launch Wizard. |
sg-7aaf9417 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-7aaf9417) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
sa-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-f82f8285 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-f82f8285) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0236a454c87e868a2 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-050d9187f381d2f0b |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-050d9187f381d2f0b) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-7a00c82f |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-7a00c82f) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0bde47bb7dcbff977 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-1 |
Security Groups created by EC2 Launch Wizard. |
sg-0d3dc664f916e5beb |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group Test Instance (sg-0d3dc664f916e5beb) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
us-east-2 |
Security Groups created by EC2 Launch Wizard. |
sg-00e8dbdcd832c0963 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-east-2 |
Security Groups created by EC2 Launch Wizard. |
sg-b78824d2 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-b78824d2) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
us-west-1 |
Security Groups created by EC2 Launch Wizard. |
sg-06bcee4d6827a114b |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-west-1 |
Security Groups created by EC2 Launch Wizard. |
sg-d876d4a6 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-d876d4a6) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| FAIL |
medium |
ec2 |
us-west-2 |
Security Groups created by EC2 Launch Wizard. |
sg-0e76f8d7e9c5345df |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) was created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
medium |
ec2 |
us-west-2 |
Security Groups created by EC2 Launch Wizard. |
sg-e0eef6a5 |
Security Groups created by EC2 Launch Wizard. |
ec2_securitygroup_from_launch_wizard |
Security group default (sg-e0eef6a5) was not created using the EC2 Launch Wizard. |
Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0. |
Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-a7a8a2d7 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-a7a8a2d7) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0781bb66 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-0781bb66) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-3bd72a56 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-3bd72a56) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-051bc89f00d84ba5d |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-051bc89f00d84ba5d) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-014e8daa4cc040ec3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FLTITLE (sg-014e8daa4cc040ec3) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-05c4e006af9e88dce |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-090b4a2a1c5868d3f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-00d80536c6f581309 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-06bd3c482cfc57740 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0cef5febe99cb6c57 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0e3c03071ed78ed08 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07032cce3a92d339c |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group newexample (sg-07032cce3a92d339c) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-03e9695ce5a0004e3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-01ce2418c7b289616 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-048665d6d0c5ddade |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-031e19902e2a5afdf |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group xenia (sg-031e19902e2a5afdf) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-09fe68ed6b5fb3364 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07fe7a4a585a27114 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0d37f630587326b7e |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-026aafec6fadbd8c1 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07a7e54c93da1b0bb |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0aeb794463e80d4fb |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0a229ea3e85856a09 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-008d5e1c2f6c94baa |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07cb54f5346101b04 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-08d49b3fee5eae78f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0ced3f254ff2e2449 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Production_instance (sg-0ced3f254ff2e2449) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0af3d8b5b8bc880fa |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0a9daa8c4e10538d0 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0772c4ae4f2152412 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-091c740915160e014 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-091c740915160e014) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0cda5846e51d75406 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04b71d8fe6f61ac09 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-08a830f3818df22d8 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-09fc17deef2200543 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-3 (sg-09fc17deef2200543) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0474afad1cede51c3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-16c91a78 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-16c91a78) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-03dda95217bd722cf |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b36e9776f84be1b8 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0bd7e423fac41eca5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-05eb10b1b7df8b201 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-05eb10b1b7df8b201) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-094663576a916beb5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Scan (sg-094663576a916beb5) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0cf58d958641ae531 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FLTITLE-db (sg-0cf58d958641ae531) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07ca5965527721e2b |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04ffc3255e82b26a3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group test.fugoone (sg-04ffc3255e82b26a3) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0cc85defb9824bf46 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group newdemo (sg-0cc85defb9824bf46) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0a5358451ab8eb31f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-05621c06837212db5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group fugo office network (sg-05621c06837212db5) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-08b7370c7d1c12ab6 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Workspace (sg-08b7370c7d1c12ab6) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b6c9695323ec455c |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0d60b8f6ae7a1dc83 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b519b5e6321a2762 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group RDP_NEW (sg-0b519b5e6321a2762) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b6ae40bc40a05870 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-0b6ae40bc40a05870) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-07134278bb62c54e5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04819898c1b060625 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-1 (sg-04819898c1b060625) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04e2e7f5507ea7337 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-05f377a970051f352 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0e4aa2f9d569fca18 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-03cd1691502cec67e |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group windows (sg-03cd1691502cec67e) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0cae57cb9099fc6de |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0dccfce9d4a0c9e60 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b491bea1db5b5666 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0ee48f91f8164b5d9 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0209ccd9248b69ece |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-055f2fcdabec8a369 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-055f2fcdabec8a369) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-076ae3302eae38eae |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04025f2ff76e7bd88 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group test (sg-04025f2ff76e7bd88) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0129ef8098ddb64c3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0eadf6ec31f93bb8f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0491433bb7e2de88d |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0c2892864e591824e |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group PMS-app-server (sg-0c2892864e591824e) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-06c3a17fe51c9de61 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0fdf571c639c4ea8f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0ac53cbf0ab180e84 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-054a81357c28e6fb5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0d900345b2583fc49 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group fugoservices-web (sg-0d900345b2583fc49) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-039c5bcf6bdfe954d |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0a7e5947d6d3ab692 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-0a7e5947d6d3ab692) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-000e6b51a965ce764 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group wazuh (sg-000e6b51a965ce764) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-02aac871f20a48d69 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0299cd0cdfa6599bc |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b5898998ef0f0040 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0f1b0a1ae6ee72a6e |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0682fefbab8f20c19 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-03f8863db5b89f3cc |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0b599093e3e3c4c6e |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-007e9f3f5e6a7dda2 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0937aff6d72c24a45 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-08121f893f2d89138 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-048bccd7d49e2c556 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0325f3fdbd7f4ae04 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0f8abce01b2b398db |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0f05243b7bf9d3257 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-04edb80657ca25b45 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group BASION host (sg-04edb80657ca25b45) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-01ddee8f2302669c3 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-01d6b0b12ee726a22 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-01063b292cec3ec8c |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-AD (sg-01063b292cec3ec8c) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0e1e536387953fb6b |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-044d5380ff0b25acd |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0a2c2913bff2400c2 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0532d1ee42b3f4636 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0f44652776af161f8 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0c2a1b648c8879fe5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-08c854f0f6d88954f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-031db14f807d2b614 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
ap-south-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0ebcd60f472f0e59d |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-c9844db7 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-c9844db7) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-b52739cb |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-b52739cb) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-6cab7d09 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-6cab7d09) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-c92874a2 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-c92874a2) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-31d72b79 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-31d72b79) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-4b2ddf2a |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-4b2ddf2a) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-7aaf9417 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-7aaf9417) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-f82f8285 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-f82f8285) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0236a454c87e868a2 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-050d9187f381d2f0b |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-050d9187f381d2f0b) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-7a00c82f |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-7a00c82f) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0bde47bb7dcbff977 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has no ingress filtering and it is being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
us-east-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0d3dc664f916e5beb |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group Test Instance (sg-0d3dc664f916e5beb) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
us-east-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-00e8dbdcd832c0963 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-east-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-b78824d2 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-b78824d2) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
us-west-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-06bcee4d6827a114b |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-west-1 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-d876d4a6 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-d876d4a6) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
high |
ec2 |
us-west-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-0e76f8d7e9c5345df |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has no ingress filtering and it is not being used. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| PASS |
high |
ec2 |
us-west-2 |
Ensure there are no Security Groups without ingress filtering being used. |
sg-e0eef6a5 |
Ensure there are no Security Groups without ingress filtering being used. |
ec2_securitygroup_in_use_without_ingress_filtering |
Security group default (sg-e0eef6a5) has ingress filtering. |
If Security groups are not filtering traffic appropriately the attack surface is increased. |
You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC. |
|
| FAIL |
low |
ec2 |
ap-northeast-1 |
Ensure there are no Security Groups not being used. |
sg-a7a8a2d7 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-a7a8a2d7) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-northeast-2 |
Ensure there are no Security Groups not being used. |
sg-0781bb66 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-0781bb66) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-northeast-3 |
Ensure there are no Security Groups not being used. |
sg-3bd72a56 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-3bd72a56) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-051bc89f00d84ba5d |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-051bc89f00d84ba5d) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-014e8daa4cc040ec3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FLTITLE (sg-014e8daa4cc040ec3) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-05c4e006af9e88dce |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group production_instance_24hr (sg-05c4e006af9e88dce) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-090b4a2a1c5868d3f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-00d80536c6f581309 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group poc-new-dr-SG (sg-00d80536c6f581309) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-06bd3c482cfc57740 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0cef5febe99cb6c57 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0e3c03071ed78ed08 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07032cce3a92d339c |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group newexample (sg-07032cce3a92d339c) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-03e9695ce5a0004e3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-01ce2418c7b289616 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-048665d6d0c5ddade |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-031e19902e2a5afdf |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group xenia (sg-031e19902e2a5afdf) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-09fe68ed6b5fb3364 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07fe7a4a585a27114 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0d37f630587326b7e |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-8 (sg-0d37f630587326b7e) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-026aafec6fadbd8c1 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07a7e54c93da1b0bb |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0aeb794463e80d4fb |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0a229ea3e85856a09 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group new-rdp-pub (sg-0a229ea3e85856a09) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-008d5e1c2f6c94baa |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07cb54f5346101b04 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-08d49b3fee5eae78f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0ced3f254ff2e2449 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Production_instance (sg-0ced3f254ff2e2449) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0af3d8b5b8bc880fa |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0a9daa8c4e10538d0 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0772c4ae4f2152412 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-091c740915160e014 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-091c740915160e014) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0cda5846e51d75406 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04b71d8fe6f61ac09 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-08a830f3818df22d8 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-09fc17deef2200543 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-3 (sg-09fc17deef2200543) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0474afad1cede51c3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-16c91a78 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-16c91a78) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-03dda95217bd722cf |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b36e9776f84be1b8 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0bd7e423fac41eca5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group snatpshot_test (sg-0bd7e423fac41eca5) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-05eb10b1b7df8b201 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-05eb10b1b7df8b201) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-094663576a916beb5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Scan (sg-094663576a916beb5) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0cf58d958641ae531 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FLTITLE-db (sg-0cf58d958641ae531) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07ca5965527721e2b |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group test.fugo.ELB (sg-07ca5965527721e2b) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04ffc3255e82b26a3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group test.fugoone (sg-04ffc3255e82b26a3) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0cc85defb9824bf46 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group newdemo (sg-0cc85defb9824bf46) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0a5358451ab8eb31f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-05621c06837212db5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group fugo office network (sg-05621c06837212db5) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-08b7370c7d1c12ab6 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Workspace (sg-08b7370c7d1c12ab6) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b6c9695323ec455c |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0d60b8f6ae7a1dc83 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b519b5e6321a2762 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group RDP_NEW (sg-0b519b5e6321a2762) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b6ae40bc40a05870 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-0b6ae40bc40a05870) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-07134278bb62c54e5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04819898c1b060625 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-1 (sg-04819898c1b060625) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04e2e7f5507ea7337 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-05f377a970051f352 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0e4aa2f9d569fca18 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-03cd1691502cec67e |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group windows (sg-03cd1691502cec67e) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0cae57cb9099fc6de |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0dccfce9d4a0c9e60 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b491bea1db5b5666 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0ee48f91f8164b5d9 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0209ccd9248b69ece |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-055f2fcdabec8a369 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-055f2fcdabec8a369) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-076ae3302eae38eae |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04025f2ff76e7bd88 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group test (sg-04025f2ff76e7bd88) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0129ef8098ddb64c3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group monitoring-sg (sg-0129ef8098ddb64c3) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0eadf6ec31f93bb8f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0491433bb7e2de88d |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0c2892864e591824e |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group PMS-app-server (sg-0c2892864e591824e) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-06c3a17fe51c9de61 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0fdf571c639c4ea8f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0ac53cbf0ab180e84 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-054a81357c28e6fb5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0d900345b2583fc49 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group fugoservices-web (sg-0d900345b2583fc49) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-039c5bcf6bdfe954d |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0a7e5947d6d3ab692 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-0a7e5947d6d3ab692) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-000e6b51a965ce764 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group wazuh (sg-000e6b51a965ce764) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-02aac871f20a48d69 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0299cd0cdfa6599bc |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b5898998ef0f0040 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0f1b0a1ae6ee72a6e |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0682fefbab8f20c19 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-03f8863db5b89f3cc |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0b599093e3e3c4c6e |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-007e9f3f5e6a7dda2 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group knowfugo (sg-007e9f3f5e6a7dda2) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0937aff6d72c24a45 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-08121f893f2d89138 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-048bccd7d49e2c556 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0325f3fdbd7f4ae04 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0f8abce01b2b398db |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Audit-Bastion (sg-0f8abce01b2b398db) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0f05243b7bf9d3257 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-04edb80657ca25b45 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group BASION host (sg-04edb80657ca25b45) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-01ddee8f2302669c3 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group api.fugoone.com (sg-01ddee8f2302669c3) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-01d6b0b12ee726a22 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-01063b292cec3ec8c |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-AD (sg-01063b292cec3ec8c) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0e1e536387953fb6b |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group New_example_fugoone (sg-0e1e536387953fb6b) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-044d5380ff0b25acd |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0a2c2913bff2400c2 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0532d1ee42b3f4636 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0f44652776af161f8 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0c2a1b648c8879fe5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-08c854f0f6d88954f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-031db14f807d2b614 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-south-1 |
Ensure there are no Security Groups not being used. |
sg-0ebcd60f472f0e59d |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-southeast-1 |
Ensure there are no Security Groups not being used. |
sg-c9844db7 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-c9844db7) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
ap-southeast-2 |
Ensure there are no Security Groups not being used. |
sg-b52739cb |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-b52739cb) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
eu-central-1 |
Ensure there are no Security Groups not being used. |
sg-6cab7d09 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-6cab7d09) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
eu-north-1 |
Ensure there are no Security Groups not being used. |
sg-c92874a2 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-c92874a2) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
eu-west-1 |
Ensure there are no Security Groups not being used. |
sg-31d72b79 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-31d72b79) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
eu-west-2 |
Ensure there are no Security Groups not being used. |
sg-4b2ddf2a |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-4b2ddf2a) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
eu-west-3 |
Ensure there are no Security Groups not being used. |
sg-7aaf9417 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-7aaf9417) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
sa-east-1 |
Ensure there are no Security Groups not being used. |
sg-f82f8285 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-f82f8285) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
us-east-1 |
Ensure there are no Security Groups not being used. |
sg-0236a454c87e868a2 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-east-1 |
Ensure there are no Security Groups not being used. |
sg-050d9187f381d2f0b |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-050d9187f381d2f0b) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-east-1 |
Ensure there are no Security Groups not being used. |
sg-7a00c82f |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-7a00c82f) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
low |
ec2 |
us-east-1 |
Ensure there are no Security Groups not being used. |
sg-0bde47bb7dcbff977 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) it is being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-east-1 |
Ensure there are no Security Groups not being used. |
sg-0d3dc664f916e5beb |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group Test Instance (sg-0d3dc664f916e5beb) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-east-2 |
Ensure there are no Security Groups not being used. |
sg-00e8dbdcd832c0963 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-east-2 |
Ensure there are no Security Groups not being used. |
sg-b78824d2 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-b78824d2) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-west-1 |
Ensure there are no Security Groups not being used. |
sg-06bcee4d6827a114b |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-west-1 |
Ensure there are no Security Groups not being used. |
sg-d876d4a6 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-d876d4a6) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-west-2 |
Ensure there are no Security Groups not being used. |
sg-0e76f8d7e9c5345df |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| FAIL |
low |
ec2 |
us-west-2 |
Ensure there are no Security Groups not being used. |
sg-e0eef6a5 |
Ensure there are no Security Groups not being used. |
ec2_securitygroup_not_used |
Security group default (sg-e0eef6a5) it is not being used. |
Having clear definition and scope for Security Groups creates a better administration environment. |
List all the security groups and then use the cli to check if they are attached to an instance. |
|
| PASS |
high |
ec2 |
ap-northeast-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-a7a8a2d7 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-a7a8a2d7) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-0781bb66 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-0781bb66) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-northeast-3 |
Find security groups with more than 50 ingress or egress rules. |
sg-3bd72a56 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-3bd72a56) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-051bc89f00d84ba5d |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-051bc89f00d84ba5d) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-014e8daa4cc040ec3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FLTITLE (sg-014e8daa4cc040ec3) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-05c4e006af9e88dce |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group production_instance_24hr (sg-05c4e006af9e88dce) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-090b4a2a1c5868d3f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-00d80536c6f581309 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group poc-new-dr-SG (sg-00d80536c6f581309) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-06bd3c482cfc57740 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-10 (sg-06bd3c482cfc57740) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0cef5febe99cb6c57 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0e3c03071ed78ed08 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07032cce3a92d339c |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group newexample (sg-07032cce3a92d339c) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-03e9695ce5a0004e3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-01ce2418c7b289616 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-048665d6d0c5ddade |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-12 (sg-048665d6d0c5ddade) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-031e19902e2a5afdf |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group xenia (sg-031e19902e2a5afdf) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-09fe68ed6b5fb3364 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07fe7a4a585a27114 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0d37f630587326b7e |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-8 (sg-0d37f630587326b7e) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-026aafec6fadbd8c1 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07a7e54c93da1b0bb |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0aeb794463e80d4fb |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0a229ea3e85856a09 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group new-rdp-pub (sg-0a229ea3e85856a09) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-008d5e1c2f6c94baa |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07cb54f5346101b04 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-08d49b3fee5eae78f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0ced3f254ff2e2449 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Production_instance (sg-0ced3f254ff2e2449) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0af3d8b5b8bc880fa |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0a9daa8c4e10538d0 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has 5 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0772c4ae4f2152412 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-9 (sg-0772c4ae4f2152412) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-091c740915160e014 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-091c740915160e014) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0cda5846e51d75406 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04b71d8fe6f61ac09 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-08a830f3818df22d8 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-09fc17deef2200543 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-3 (sg-09fc17deef2200543) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0474afad1cede51c3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-16c91a78 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-16c91a78) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-03dda95217bd722cf |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b36e9776f84be1b8 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0bd7e423fac41eca5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group snatpshot_test (sg-0bd7e423fac41eca5) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-05eb10b1b7df8b201 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-05eb10b1b7df8b201) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-094663576a916beb5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Scan (sg-094663576a916beb5) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0cf58d958641ae531 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FLTITLE-db (sg-0cf58d958641ae531) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07ca5965527721e2b |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group test.fugo.ELB (sg-07ca5965527721e2b) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04ffc3255e82b26a3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group test.fugoone (sg-04ffc3255e82b26a3) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0cc85defb9824bf46 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group newdemo (sg-0cc85defb9824bf46) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0a5358451ab8eb31f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-05621c06837212db5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group fugo office network (sg-05621c06837212db5) has 2 inbound rules and 2 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-08b7370c7d1c12ab6 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Workspace (sg-08b7370c7d1c12ab6) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b6c9695323ec455c |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0d60b8f6ae7a1dc83 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b519b5e6321a2762 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group RDP_NEW (sg-0b519b5e6321a2762) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b6ae40bc40a05870 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-0b6ae40bc40a05870) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-07134278bb62c54e5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group tittle.fugoone.com (sg-07134278bb62c54e5) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04819898c1b060625 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-1 (sg-04819898c1b060625) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04e2e7f5507ea7337 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-05f377a970051f352 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has 7 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0e4aa2f9d569fca18 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-03cd1691502cec67e |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group windows (sg-03cd1691502cec67e) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0cae57cb9099fc6de |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0dccfce9d4a0c9e60 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b491bea1db5b5666 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Windows_Mig_test (sg-0b491bea1db5b5666) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0ee48f91f8164b5d9 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0209ccd9248b69ece |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-055f2fcdabec8a369 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-055f2fcdabec8a369) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-076ae3302eae38eae |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04025f2ff76e7bd88 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group test (sg-04025f2ff76e7bd88) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0129ef8098ddb64c3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group monitoring-sg (sg-0129ef8098ddb64c3) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0eadf6ec31f93bb8f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0491433bb7e2de88d |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0c2892864e591824e |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group PMS-app-server (sg-0c2892864e591824e) has 6 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-06c3a17fe51c9de61 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0fdf571c639c4ea8f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0ac53cbf0ab180e84 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-054a81357c28e6fb5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0d900345b2583fc49 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group fugoservices-web (sg-0d900345b2583fc49) has 5 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-039c5bcf6bdfe954d |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0a7e5947d6d3ab692 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-0a7e5947d6d3ab692) has 5 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-000e6b51a965ce764 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group wazuh (sg-000e6b51a965ce764) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-02aac871f20a48d69 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0299cd0cdfa6599bc |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group knowfugo-database (sg-0299cd0cdfa6599bc) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b5898998ef0f0040 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0f1b0a1ae6ee72a6e |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0682fefbab8f20c19 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-03f8863db5b89f3cc |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0b599093e3e3c4c6e |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-007e9f3f5e6a7dda2 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group knowfugo (sg-007e9f3f5e6a7dda2) has 4 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0937aff6d72c24a45 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group stagng_knowfugo (sg-0937aff6d72c24a45) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-08121f893f2d89138 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-048bccd7d49e2c556 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0325f3fdbd7f4ae04 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Demo-audit (sg-0325f3fdbd7f4ae04) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0f8abce01b2b398db |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Audit-Bastion (sg-0f8abce01b2b398db) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0f05243b7bf9d3257 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-04edb80657ca25b45 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group BASION host (sg-04edb80657ca25b45) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-01ddee8f2302669c3 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group api.fugoone.com (sg-01ddee8f2302669c3) has 5 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-01d6b0b12ee726a22 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group audit-demo-lb (sg-01d6b0b12ee726a22) has 2 inbound rules and 2 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-01063b292cec3ec8c |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-AD (sg-01063b292cec3ec8c) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0e1e536387953fb6b |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group New_example_fugoone (sg-0e1e536387953fb6b) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-044d5380ff0b25acd |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has 5 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0a2c2913bff2400c2 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group KNOW-ELB (sg-0a2c2913bff2400c2) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0532d1ee42b3f4636 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group test-fugoone-db (sg-0532d1ee42b3f4636) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0f44652776af161f8 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group demo-audit-rds-sg (sg-0f44652776af161f8) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0c2a1b648c8879fe5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-08c854f0f6d88954f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-031db14f807d2b614 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has 3 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-south-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0ebcd60f472f0e59d |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has 7 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-c9844db7 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-c9844db7) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
ap-southeast-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-b52739cb |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-b52739cb) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-central-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-6cab7d09 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-6cab7d09) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-north-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-c92874a2 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-c92874a2) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-31d72b79 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-31d72b79) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-4b2ddf2a |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-4b2ddf2a) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
eu-west-3 |
Find security groups with more than 50 ingress or egress rules. |
sg-7aaf9417 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-7aaf9417) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
sa-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-f82f8285 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-f82f8285) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0236a454c87e868a2 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group d-906769962c_controllers (sg-0236a454c87e868a2) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-050d9187f381d2f0b |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-050d9187f381d2f0b) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-7a00c82f |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-7a00c82f) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0bde47bb7dcbff977 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-0d3dc664f916e5beb |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group Test Instance (sg-0d3dc664f916e5beb) has 2 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-00e8dbdcd832c0963 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-east-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-b78824d2 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-b78824d2) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-06bcee4d6827a114b |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-1 (sg-06bcee4d6827a114b) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-1 |
Find security groups with more than 50 ingress or egress rules. |
sg-d876d4a6 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-d876d4a6) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-0e76f8d7e9c5345df |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| PASS |
high |
ec2 |
us-west-2 |
Find security groups with more than 50 ingress or egress rules. |
sg-e0eef6a5 |
Find security groups with more than 50 ingress or egress rules. |
ec2_securitygroup_with_many_ingress_egress_rules |
Security group default (sg-e0eef6a5) has 1 inbound rules and 1 outbound rules |
If Security groups are not properly configured the attack surface is increased. |
Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
FUGO-PROD-LB |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 FUGO-PROD-LB has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
FUGO-Staging |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 FUGO-Staging has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
Knowfugo-ALB |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 Knowfugo-ALB has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
testing-fugoone-com |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 testing-fugoone-com has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
stagingknowfugo |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 stagingknowfugo has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
demo-fugoone |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 demo-fugoone has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
title-fugoone-com |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 title-fugoone-com has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
api-LB |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 api-LB has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
dr-fugooneprod-lb |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 dr-fugooneprod-lb has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
FLTITLE-LB |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 FLTITLE-LB has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have deletion protection enabled. |
FugoOne-Title |
Check if Elastic Load Balancers have deletion protection enabled. |
elbv2_deletion_protection |
ELBv2 FugoOne-Title has not deletion protection. |
If deletion protection is not enabled, the resource is not protected against deletion. |
Enable deletion protection attribute, this is not enabled by default. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
FUGO-PROD-LB |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB FUGO-PROD-LB is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
FUGO-Staging |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB FUGO-Staging is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
Knowfugo-ALB |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB Knowfugo-ALB is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
testing-fugoone-com |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB testing-fugoone-com is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
stagingknowfugo |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB stagingknowfugo is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
demo-fugoone |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB demo-fugoone is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
title-fugoone-com |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB title-fugoone-com is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
api-LB |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB api-LB is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
dr-fugooneprod-lb |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB dr-fugooneprod-lb is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
FLTITLE-LB |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB FLTITLE-LB is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
FugoOne-Title |
Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
elbv2_desync_mitigation_mode |
ELBv2 ALB FugoOne-Title is configured with correct desync mitigation mode. |
HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands. |
Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
FUGO-PROD-LB |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 FUGO-PROD-LB has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
FUGO-Staging |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 FUGO-Staging has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
Knowfugo-ALB |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 Knowfugo-ALB has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
testing-fugoone-com |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 testing-fugoone-com has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
stagingknowfugo |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 stagingknowfugo has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
demo-fugoone |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 demo-fugoone has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
title-fugoone-com |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 title-fugoone-com has not insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
api-LB |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 api-LB has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
dr-fugooneprod-lb |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 dr-fugooneprod-lb has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
FLTITLE-LB |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 FLTITLE-LB has listeners with insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have insecure SSL ciphers. |
FugoOne-Title |
Check if Elastic Load Balancers have insecure SSL ciphers. |
elbv2_insecure_ssl_ciphers |
ELBv2 FugoOne-Title has not insecure SSL protocols or ciphers. |
Using insecure ciphers could affect privacy of in transit information. |
Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
FUGO-PROD-LB |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB FUGO-PROD-LB is internet facing in FUGO-PROD-LB-459435528.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
FUGO-Staging |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB FUGO-Staging is internet facing in FUGO-Staging-192071740.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
Knowfugo-ALB |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB Knowfugo-ALB is internet facing in Knowfugo-ALB-522516464.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
testing-fugoone-com |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB testing-fugoone-com is internet facing in testing-fugoone-com-310979580.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
stagingknowfugo |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB stagingknowfugo is internet facing in stagingknowfugo-1329847775.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
demo-fugoone |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB demo-fugoone is internet facing in demo-fugoone-983706329.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
title-fugoone-com |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB title-fugoone-com is internet facing in title-fugoone-com-1076175532.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
api-LB |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB api-LB is internet facing in api-LB-1193414118.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
dr-fugooneprod-lb |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB dr-fugooneprod-lb is internet facing in dr-fugooneprod-lb-1545937100.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
FLTITLE-LB |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB FLTITLE-LB is internet facing in FLTITLE-LB-1323651929.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check for internet facing Elastic Load Balancers. |
FugoOne-Title |
Check for internet facing Elastic Load Balancers. |
elbv2_internet_facing |
ELBv2 ALB FugoOne-Title is internet facing in FugoOne-Title-1259559776.ap-south-1.elb.amazonaws.com. |
Publicly accessible load balancers could expose sensitive data to bad actors. |
Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
FUGO-PROD-LB |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 FUGO-PROD-LB has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
FUGO-Staging |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 FUGO-Staging has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
Knowfugo-ALB |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 Knowfugo-ALB has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
testing-fugoone-com |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 testing-fugoone-com has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
stagingknowfugo |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 stagingknowfugo has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
demo-fugoone |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 demo-fugoone has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
title-fugoone-com |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 title-fugoone-com has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
api-LB |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 api-LB has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
dr-fugooneprod-lb |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 dr-fugooneprod-lb has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
FLTITLE-LB |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 FLTITLE-LB has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if ELBV2 has listeners underneath. |
FugoOne-Title |
Check if ELBV2 has listeners underneath. |
elbv2_listeners_underneath |
ELBv2 FugoOne-Title has listeners underneath. |
The rules that are defined for a listener determine how the load balancer routes requests to its registered targets. |
Add listeners to Elastic Load Balancers V2. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
FUGO-PROD-LB |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB FUGO-PROD-LB has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
FUGO-Staging |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB FUGO-Staging has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
Knowfugo-ALB |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB Knowfugo-ALB has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
testing-fugoone-com |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB testing-fugoone-com has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
stagingknowfugo |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB stagingknowfugo has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
demo-fugoone |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB demo-fugoone has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
title-fugoone-com |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB title-fugoone-com has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
api-LB |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB api-LB has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
dr-fugooneprod-lb |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB dr-fugooneprod-lb has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
FLTITLE-LB |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB FLTITLE-LB has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have logging enabled. |
FugoOne-Title |
Check if Elastic Load Balancers have logging enabled. |
elbv2_logging_enabled |
ELBv2 ALB FugoOne-Title has not configured access logs. |
If logs are not enabled monitoring of service use and threat analysis is not possible. |
Enable ELB logging, create la log lifecycle and define use cases. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
FUGO-PROD-LB |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB FUGO-PROD-LB is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
FUGO-Staging |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB FUGO-Staging is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
Knowfugo-ALB |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB Knowfugo-ALB is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
testing-fugoone-com |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB testing-fugoone-com is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
stagingknowfugo |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB stagingknowfugo is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
demo-fugoone |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB demo-fugoone is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
title-fugoone-com |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB title-fugoone-com is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
api-LB |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB api-LB is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
dr-fugooneprod-lb |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB dr-fugooneprod-lb is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
FLTITLE-LB |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB FLTITLE-LB is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
FugoOne-Title |
Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. |
elbv2_request_smugling |
ELBv2 ALB FugoOne-Title is not dropping invalid header fields. |
ALB can be target of actors sending bad HTTP headers. |
Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true). |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
FUGO-PROD-LB |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB FUGO-PROD-LB has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
FUGO-Staging |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB FUGO-Staging has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
Knowfugo-ALB |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB Knowfugo-ALB has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
testing-fugoone-com |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB testing-fugoone-com has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
stagingknowfugo |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB stagingknowfugo has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
demo-fugoone |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB demo-fugoone has non-encrypted listeners. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
title-fugoone-com |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB title-fugoone-com has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
api-LB |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB api-LB has non-encrypted listeners. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
dr-fugooneprod-lb |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB dr-fugooneprod-lb has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| PASS |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
FLTITLE-LB |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB FLTITLE-LB has HTTP listener but it redirects to HTTPS. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Elastic Load Balancers have SSL listeners. |
FugoOne-Title |
Check if Elastic Load Balancers have SSL listeners. |
elbv2_ssl_listeners |
ELBv2 ALB FugoOne-Title has non-encrypted listeners. |
Clear text communication could affect privacy of information in transit. |
Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
FUGO-PROD-LB |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB FUGO-PROD-LB is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
FUGO-Staging |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB FUGO-Staging is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
Knowfugo-ALB |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB Knowfugo-ALB is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
testing-fugoone-com |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB testing-fugoone-com is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
stagingknowfugo |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB stagingknowfugo is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
demo-fugoone |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB demo-fugoone is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
title-fugoone-com |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB title-fugoone-com is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
api-LB |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB api-LB is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
dr-fugooneprod-lb |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB dr-fugooneprod-lb is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
FLTITLE-LB |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB FLTITLE-LB is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| FAIL |
medium |
elbv2 |
ap-south-1 |
Check if Application Load Balancer has a WAF ACL attached. |
FugoOne-Title |
Check if Application Load Balancer has a WAF ACL attached. |
elbv2_waf_acl_attached |
ELBv2 ALB FugoOne-Title is not protected by WAF Web ACL. |
If not WAF ACL is attached risk of web attacks increases. |
Using the AWS Management Console open the AWS WAF console to attach an ACL. |
|
| PASS |
high |
emr |
ap-northeast-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ap-northeast-2 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ap-northeast-3 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ap-south-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ap-southeast-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ap-southeast-2 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
ca-central-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
eu-central-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
eu-north-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
eu-west-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
eu-west-2 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
eu-west-3 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
sa-east-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
us-east-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
us-east-2 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
us-west-1 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| PASS |
high |
emr |
us-west-2 |
EMR Account Public Access Block enabled. |
207592916039 |
EMR Account Public Access Block enabled. |
emr_cluster_account_public_block_enabled |
EMR Account has Block Public Access enabled |
EMR Clusters must have Account Public Access Block enabled. |
Enable EMR Account Public Access Block. |
|
| FAIL |
medium |
glue |
ap-northeast-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-northeast-2 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-northeast-3 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-south-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-southeast-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-southeast-2 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ca-central-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
eu-central-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
eu-north-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
eu-west-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
eu-west-2 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
eu-west-3 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
sa-east-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
us-east-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
us-east-2 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
us-west-1 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
us-west-2 |
Check if Glue data catalog settings have encrypt connection password enabled. |
207592916039 |
Check if Glue data catalog settings have encrypt connection password enabled. |
glue_data_catalogs_connection_passwords_encryption_enabled |
Glue data catalog connection password is not encrypted. |
If not enabled sensitive information at rest is not protected. |
On the AWS Glue console; you can enable this option on the Data catalog settings page. |
|
| FAIL |
medium |
glue |
ap-northeast-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ap-northeast-2 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ap-northeast-3 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ap-south-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ap-southeast-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ap-southeast-2 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
ca-central-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
eu-central-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
eu-north-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
eu-west-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
eu-west-2 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
eu-west-3 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
sa-east-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
us-east-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
us-east-2 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
us-west-1 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| FAIL |
medium |
glue |
us-west-2 |
Check if Glue data catalog settings have metadata encryption enabled. |
207592916039 |
Check if Glue data catalog settings have metadata encryption enabled. |
glue_data_catalogs_metadata_encryption_enabled |
Glue data catalog settings have metadata encryption disabled. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
high |
guardduty |
ap-south-1 |
Check if GuardDuty is enabled |
5ac2a730fb2559aaad612df09b3e00d7 |
Check if GuardDuty is enabled |
guardduty_is_enabled |
GuardDuty detector 5ac2a730fb2559aaad612df09b3e00d7 enabled |
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes several datasources. |
Enable GuardDuty and analyze its findings. |
|
| PASS |
high |
guardduty |
ap-south-1 |
There are High severity GuardDuty findings |
5ac2a730fb2559aaad612df09b3e00d7 |
There are High severity GuardDuty findings |
guardduty_no_high_severity_findings |
GuardDuty detector 5ac2a730fb2559aaad612df09b3e00d7 does not have high severity findings. |
If critical findings are not addressed threats can spread in the environment. |
Review and remediate critical GuardDuty findings as quickly as possible. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
Admin_Access |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
iam_administrator_access_with_mfa |
Group Admin_Access provides administrator access to User v.vysakh@devopspace.com with MFA disabled. |
Policy may allow Anonymous users to perform actions. |
Ensure this repository and its contents should be publicly accessible. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
FUGO-LOGS-S3 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
iam_administrator_access_with_mfa |
Group FUGO-LOGS-S3 provides non-administrative access. |
Policy may allow Anonymous users to perform actions. |
Ensure this repository and its contents should be publicly accessible. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
NOC-EC2-START-STOP |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
iam_administrator_access_with_mfa |
Group NOC-EC2-START-STOP provides non-administrative access. |
Policy may allow Anonymous users to perform actions. |
Ensure this repository and its contents should be publicly accessible. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
Prowler |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
iam_administrator_access_with_mfa |
Group Prowler provides non-administrative access. |
Policy may allow Anonymous users to perform actions. |
Ensure this repository and its contents should be publicly accessible. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
snapshot_drill |
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled |
iam_administrator_access_with_mfa |
Group snapshot_drill provides non-administrative access. |
Policy may allow Anonymous users to perform actions. |
Ensure this repository and its contents should be publicly accessible. |
|
| FAIL |
high |
iam |
ap-south-1 |
Avoid the use of the root accounts |
<root_account> |
Avoid the use of the root account |
iam_avoid_root_usage |
Root user in the account was last accessed 251 days ago. |
The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided. |
Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
fugo-docs |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User fugo-docs has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
fugo-rds-db-backup-s3-access |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User fugo-rds-db-backup-s3-access has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
fugostaging_S3_Access |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User fugostaging_S3_Access has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
haritha.e@avanzegroup.com |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User haritha.e@avanzegroup.com has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
jaganmohana |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User jaganmohana has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
Niresh.raj |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User Niresh.raj has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
prakash_k@fugocreative.com |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User prakash_k@fugocreative.com has not logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
sujith.kumar@avanzegroup.com |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User sujith.kumar@avanzegroup.com has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
sukanya.baasavaraj@avanzegroup.com |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
v.vysakh@devopspace.com |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User v.vysakh@devopspace.com has logged into the console in the past 30 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 30 days or greater are disabled |
vysakh-s3-keys |
Ensure credentials unused for 30 days or greater are disabled |
iam_disable_30_days_credentials |
User vysakh-s3-keys has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
fugo-docs |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User fugo-docs has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
fugo-rds-db-backup-s3-access |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User fugo-rds-db-backup-s3-access has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
fugostaging_S3_Access |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User fugostaging_S3_Access has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
haritha.e@avanzegroup.com |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User haritha.e@avanzegroup.com has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
jaganmohana |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User jaganmohana has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
Niresh.raj |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User Niresh.raj has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
prakash_k@fugocreative.com |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User prakash_k@fugocreative.com has not logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
sujith.kumar@avanzegroup.com |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User sujith.kumar@avanzegroup.com has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
sukanya.baasavaraj@avanzegroup.com |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
v.vysakh@devopspace.com |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User v.vysakh@devopspace.com has logged into the console in the past 45 days. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 45 days or greater are disabled |
vysakh-s3-keys |
Ensure credentials unused for 45 days or greater are disabled |
iam_disable_45_days_credentials |
User vysakh-s3-keys has not a console password or is unused. |
To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
fugo-docs |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User fugo-docs has not a console password or is unused. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
fugo-rds-db-backup-s3-access |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User fugo-rds-db-backup-s3-access has not a console password or is unused. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
fugostaging_S3_Access |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User fugostaging_S3_Access has not a console password or is unused. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
haritha.e@avanzegroup.com |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User haritha.e@avanzegroup.com has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
jaganmohana |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User jaganmohana has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
Niresh.raj |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User Niresh.raj has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
prakash_k@fugocreative.com |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User prakash_k@fugocreative.com has not logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
sujith.kumar@avanzegroup.com |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User sujith.kumar@avanzegroup.com has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
sukanya.baasavaraj@avanzegroup.com |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
v.vysakh@devopspace.com |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User v.vysakh@devopspace.com has logged into the console in the past 90 days. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure credentials unused for 90 days or greater are disabled |
vysakh-s3-keys |
Ensure credentials unused for 90 days or greater are disabled |
iam_disable_90_days_credentials |
User vysakh-s3-keys has not a console password or is unused. |
AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated. |
Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
FUGO-CLOUD-WATCH |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy FUGO-CLOUD-WATCH does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
fugostaging_S3_Access |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy fugostaging_S3_Access does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
VPC-FLOW-LOGS |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy VPC-FLOW-LOGS does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
workspace_fullaccess |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy workspace_fullaccess does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
Prowler-Additions-Policy |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy Prowler-Additions-Policy does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
Grafana-start-stop |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy Grafana-start-stop does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
FUGO-S3-LOGS-ACCESS |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy FUGO-S3-LOGS-ACCESS does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
NOC-START-STOP |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy NOC-START-STOP does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
fugo-doc-iam |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy fugo-doc-iam does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
Jaganmohana-Allow-Start-And-Stop-Ec2 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy Jaganmohana-Allow-Start-And-Stop-Ec2 does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
fugo-rds-db-backup-s3-policy |
Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) |
iam_no_custom_policy_permissive_role_assumption |
Custom Policy fugo-rds-db-backup-s3-policy does not allow permissive STS Role assumption |
If not restricted unintended access could happen. |
Use the least privilege principle when granting permissions. |
|
| PASS |
critical |
iam |
ap-south-1 |
Ensure no root account access key exists |
<root_account> |
Ensure no root account access key exists |
iam_no_root_access_key |
User <root_account> has not access keys. |
The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged. |
Use the credential report to that the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy expires passwords within 90 days or less |
password_policy |
Ensure IAM password policy expires passwords within 90 days or less |
iam_password_policy_expires_passwords_within_90_days_or_less |
Password expiration is set lower than 90 days (30 days). |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter. |
Ensure Password expiration period (in days): is set to 90 or less. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy require at least one lowercase letter |
password_policy |
Ensure IAM password policy requires at least one uppercase letter |
iam_password_policy_lowercase |
IAM password policy does not require at least one lowercase letter. |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter. |
Ensure "Requires at least one lowercase letter" is checked under "Password Policy". |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy requires minimum length of 14 or greater |
password_policy |
Ensure IAM password policy requires minimum length of 14 or greater |
iam_password_policy_minimum_length_14 |
IAM password policy does not requires minimum length of 14 characters. |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater. |
Ensure "Minimum password length" is checked under "Password Policy". |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy require at least one number |
password_policy |
Ensure IAM password policy require at least one number |
iam_password_policy_number |
IAM password policy does not require at least one number |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number. |
Ensure "Require at least one number" is checked under "Password Policy". |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure IAM password policy prevents password reuse: 24 or greater |
password_policy |
Ensure IAM password policy prevents password reuse: 24 or greater |
iam_password_policy_reuse_24 |
IAM password policy reuse prevention is less than 24 or not set. |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater. |
Ensure "Number of passwords to remember" is set to 24. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy require at least one symbol |
password_policy |
Ensure IAM password policy require at least one symbol |
iam_password_policy_symbol |
IAM password policy does not require at least one symbol. |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character. |
Ensure "Require at least one non-alphanumeric character" is checked under "Password Policy". |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM password policy requires at least one uppercase letter |
password_policy |
Ensure IAM password policy requires at least one uppercase letter |
iam_password_policy_uppercase |
IAM password policy requires at least one uppercase letter. |
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter. |
Ensure "Requires at least one uppercase letter" is checked under "Password Policy". |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
FUGO-CLOUD-WATCH |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/FUGO-CLOUD-WATCH not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
fugostaging_S3_Access |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugostaging_S3_Access not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
VPC-FLOW-LOGS |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/VPC-FLOW-LOGS not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
workspace_fullaccess |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/workspace_fullaccess allows for privilege escalation using the following actions: {'iam:PassRole', 'iam:PutRolePolicy'} |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
Prowler-Additions-Policy |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Prowler-Additions-Policy not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
Grafana-start-stop |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Grafana-start-stop not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
FUGO-S3-LOGS-ACCESS |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/FUGO-S3-LOGS-ACCESS not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/service-role/CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
NOC-START-STOP |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/NOC-START-STOP not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
fugo-doc-iam |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugo-doc-iam not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
Jaganmohana-Allow-Start-And-Stop-Ec2 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Jaganmohana-Allow-Start-And-Stop-Ec2 not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
fugo-rds-db-backup-s3-policy |
Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation |
iam_policy_allows_privilege_escalation |
Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugo-rds-db-backup-s3-policy not allows for privilege escalation |
Users with some IAM permissions are allowed to elevate their privileges up to administrator rights. |
Grant usage permission on a per-resource basis and applying least privilege principle. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
fugo-docs |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User fugo-docs has attached the following policy fugo-doc-iam |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
fugo-rds-db-backup-s3-access |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User fugo-rds-db-backup-s3-access has attached the following policy fugo-rds-db-backup-s3-policy |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
fugostaging_S3_Access |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User fugostaging_S3_Access has attached the following policy fugostaging_S3_Access |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| PASS |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
haritha.e@avanzegroup.com |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User haritha.e@avanzegroup.com has no inline or attached policies |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
jaganmohana |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User jaganmohana has attached the following policy ReadOnlyAccess |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
jaganmohana |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User jaganmohana has attached the following policy Billing |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
jaganmohana |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User jaganmohana has attached the following policy Jaganmohana-Allow-Start-And-Stop-Ec2 |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
Niresh.raj |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User Niresh.raj has attached the following policy AdministratorAccess |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
prakash_k@fugocreative.com |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User prakash_k@fugocreative.com has attached the following policy Billing |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
sujith.kumar@avanzegroup.com |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User sujith.kumar@avanzegroup.com has attached the following policy AdministratorAccess |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
sukanya.baasavaraj@avanzegroup.com |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User sukanya.baasavaraj@avanzegroup.com has attached the following policy AdministratorAccess |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| PASS |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
v.vysakh@devopspace.com |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User v.vysakh@devopspace.com has no inline or attached policies |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| FAIL |
low |
iam |
ap-south-1 |
Ensure IAM policies are attached only to groups or roles |
vysakh-s3-keys |
Ensure IAM policies are attached only to groups or roles |
iam_policy_attached_only_to_group_or_roles |
User vysakh-s3-keys has attached the following policy AmazonS3FullAccess |
By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges. |
Remove any policy attached directly to the user. Use groups or roles instead. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
FUGO-CLOUD-WATCH |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy FUGO-CLOUD-WATCH does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
fugostaging_S3_Access |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy fugostaging_S3_Access does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
VPC-FLOW-LOGS |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy VPC-FLOW-LOGS does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
workspace_fullaccess |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy workspace_fullaccess does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
Prowler-Additions-Policy |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy Prowler-Additions-Policy does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
Grafana-start-stop |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy Grafana-start-stop does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
FUGO-S3-LOGS-ACCESS |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy FUGO-S3-LOGS-ACCESS does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
NOC-START-STOP |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy NOC-START-STOP does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
fugo-doc-iam |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy fugo-doc-iam does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
Jaganmohana-Allow-Start-And-Stop-Ec2 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy Jaganmohana-Allow-Start-And-Stop-Ec2 does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
fugo-rds-db-backup-s3-policy |
Ensure IAM policies that allow full "*:*" administrative privileges are not created |
iam_policy_no_administrative_privileges |
Policy fugo-rds-db-backup-s3-policy does not allow '*:*' administrative privileges |
IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions. |
It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities. |
|
| FAIL |
critical |
iam |
ap-south-1 |
Ensure hardware MFA is enabled for the root account |
root |
Ensure hardware MFA is enabled for the root account |
iam_root_hardware_mfa_enabled |
MFA is not enabled for root account. |
The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA. |
Using IAM console navigate to Dashboard and expand Activate MFA on your root account. |
|
| FAIL |
critical |
iam |
ap-south-1 |
Ensure MFA is enabled for the root account |
<root_account> |
Ensure MFA is enabled for the root account |
iam_root_mfa_enabled |
MFA is not enabled for root account. |
The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company. |
Using IAM console navigate to Dashboard and expand Activate MFA on your root account. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
<root_account> |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User <root_account> has not rotated access key 1 in over 90 days (370 days). |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
fugo-docs |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User fugo-docs has not rotated access key 1 in over 90 days (765 days). |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
fugo-rds-db-backup-s3-access |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User fugo-rds-db-backup-s3-access has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
fugostaging_S3_Access |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User fugostaging_S3_Access has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
haritha.e@avanzegroup.com |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User haritha.e@avanzegroup.com has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
jaganmohana |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User jaganmohana has not access keys. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
Niresh.raj |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User Niresh.raj has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
prakash_k@fugocreative.com |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User prakash_k@fugocreative.com has not access keys. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
sujith.kumar@avanzegroup.com |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User sujith.kumar@avanzegroup.com has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
sukanya.baasavaraj@avanzegroup.com |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User sukanya.baasavaraj@avanzegroup.com has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
v.vysakh@devopspace.com |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User v.vysakh@devopspace.com has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure access keys are rotated every 90 days or less |
vysakh-s3-keys |
Ensure access keys are rotated every 90 days or less |
iam_rotate_access_key_90_days |
User vysakh-s3-keys has access keys not older than 90 days. |
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated. |
Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago. |
|
| PASS |
medium |
iam |
ap-south-1 |
Ensure a support role has been created to manage incidents with AWS Support |
AWSSupportServiceRolePolicy |
Ensure a support role has been created to manage incidents with AWS Support |
iam_support_role_created |
Support policy attached to role AWSServiceRoleForSupport |
AWS provides a support center that can be used for incident notification and response; as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support. |
Create an IAM role for managing incidents with AWS. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
fugo-docs |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User fugo-docs has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
fugo-rds-db-backup-s3-access |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User fugo-rds-db-backup-s3-access has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
fugostaging_S3_Access |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User fugostaging_S3_Access has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
haritha.e@avanzegroup.com |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User haritha.e@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
jaganmohana |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User jaganmohana has a virtual MFA instead of a hardware MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
Niresh.raj |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User Niresh.raj has a virtual MFA instead of a hardware MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
prakash_k@fugocreative.com |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User prakash_k@fugocreative.com has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
sujith.kumar@avanzegroup.com |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User sujith.kumar@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
sukanya.baasavaraj@avanzegroup.com |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User sukanya.baasavaraj@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
v.vysakh@devopspace.com |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User v.vysakh@devopspace.com has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have Hardware MFA enabled. |
vysakh-s3-keys |
Check if IAM users have Hardware MFA enabled. |
iam_user_hardware_mfa_enabled |
User vysakh-s3-keys has not any type of MFA enabled. |
Hardware MFA is preferred over virtual MFA. |
Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
<root_account> |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User <root_account> has not Console Password enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
fugo-docs |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User fugo-docs has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
fugo-rds-db-backup-s3-access |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User fugo-rds-db-backup-s3-access has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
fugostaging_S3_Access |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User fugostaging_S3_Access has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
haritha.e@avanzegroup.com |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User haritha.e@avanzegroup.com has Console Password enabled and MFA enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
jaganmohana |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User jaganmohana has Console Password enabled and MFA enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
Niresh.raj |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User Niresh.raj has Console Password enabled and MFA enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
prakash_k@fugocreative.com |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User prakash_k@fugocreative.com has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
sujith.kumar@avanzegroup.com |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User sujith.kumar@avanzegroup.com has Console Password enabled and MFA enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
sukanya.baasavaraj@avanzegroup.com |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User sukanya.baasavaraj@avanzegroup.com has Console Password enabled and MFA enabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
v.vysakh@devopspace.com |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User v.vysakh@devopspace.com has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| FAIL |
high |
iam |
ap-south-1 |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
vysakh-s3-keys |
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. |
iam_user_mfa_enabled_console_access |
User vysakh-s3-keys has Console Password enabled but MFA disabled. |
Unauthorized access to this critical account if password is not secure or it is disclosed in any way. |
Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
<root_account> |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User <root_account> does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
fugo-docs |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User fugo-docs does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
fugo-rds-db-backup-s3-access |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User fugo-rds-db-backup-s3-access does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
fugostaging_S3_Access |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User fugostaging_S3_Access does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
haritha.e@avanzegroup.com |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User haritha.e@avanzegroup.com has never used access key 1 |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
jaganmohana |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User jaganmohana does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
Niresh.raj |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User Niresh.raj has never used access key 1 |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
prakash_k@fugocreative.com |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User prakash_k@fugocreative.com does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
sujith.kumar@avanzegroup.com |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User sujith.kumar@avanzegroup.com has never used access key 1 |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
sukanya.baasavaraj@avanzegroup.com |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User sukanya.baasavaraj@avanzegroup.com has never used access key 1 |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
v.vysakh@devopspace.com |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User v.vysakh@devopspace.com has never used access key 1 |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Do not setup access keys during initial user setup for all IAM users that have a console password |
vysakh-s3-keys |
Do not setup access keys during initial user setup for all IAM users that have a console password |
iam_user_no_setup_initial_access_key |
User vysakh-s3-keys does not have access keys or uses the access keys configured |
AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization. |
From the IAM console: generate credential report and disable not required keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
<root_account> |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User <root_account> has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| FAIL |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
fugo-docs |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User fugo-docs has 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
fugo-rds-db-backup-s3-access |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User fugo-rds-db-backup-s3-access has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
fugostaging_S3_Access |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User fugostaging_S3_Access has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
haritha.e@avanzegroup.com |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User haritha.e@avanzegroup.com has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
jaganmohana |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User jaganmohana has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
Niresh.raj |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User Niresh.raj has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
prakash_k@fugocreative.com |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User prakash_k@fugocreative.com has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
sujith.kumar@avanzegroup.com |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User sujith.kumar@avanzegroup.com has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
sukanya.baasavaraj@avanzegroup.com |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User sukanya.baasavaraj@avanzegroup.com has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
v.vysakh@devopspace.com |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User v.vysakh@devopspace.com has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| PASS |
medium |
iam |
ap-south-1 |
Check if IAM users have two active access keys |
vysakh-s3-keys |
Check if IAM users have two active access keys |
iam_user_two_active_access_key |
User vysakh-s3-keys has not 2 active access keys. |
Access Keys could be lost or stolen. It creates a critical risk. |
Avoid using long lived access keys. |
|
| FAIL |
low |
macie |
ap-northeast-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ap-northeast-2 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ap-northeast-3 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ap-south-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ap-southeast-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ap-southeast-2 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
ca-central-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
eu-central-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
eu-north-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
eu-west-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
eu-west-2 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
eu-west-3 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
sa-east-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
us-east-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
us-east-2 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
us-west-1 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| FAIL |
low |
macie |
us-west-2 |
Check if Amazon Macie is enabled. |
Macie |
Check if Amazon Macie is enabled. |
macie_is_enabled |
Macie is not enabled. |
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS. |
Enable Amazon Macie and create appropriate jobs to discover sensitive data. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fltitle-db |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fltitle-db has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fugo-knowfugo |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fugo-knowfugo has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fugoonetitle |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fugoonetitle has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fugo-prod-db |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fugo-prod-db has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fugo-read-db |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fugo-read-db has not backup enabled. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
fugo-stagingknowfugo |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance fugo-stagingknowfugo has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have backup enabled. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances have backup enabled. |
rds_instance_backup_enabled |
RDS Instance new-dr-fugoone-db-21-12-2021 has backup enabled with retention period 7 days. |
If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data. |
Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fltitle-db |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fltitle-db deletion protection is not enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fugo-knowfugo |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fugo-knowfugo deletion protection is not enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fugoonetitle |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fugoonetitle deletion protection is not enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fugo-prod-db |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fugo-prod-db deletion protection is enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fugo-read-db |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fugo-read-db deletion protection is enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
fugo-stagingknowfugo |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance fugo-stagingknowfugo deletion protection is not enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have deletion protection enabled. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances have deletion protection enabled. |
rds_instance_deletion_protection |
RDS Instance new-dr-fugoone-db-21-12-2021 deletion protection is not enabled. |
You can only delete instances that do not have deletion protection enabled. |
Enable deletion protection using the AWS Management Console for production DB instances. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fltitle-db |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fltitle-db does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fugo-knowfugo |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fugo-knowfugo does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fugoonetitle |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fugoonetitle does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| PASS |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fugo-prod-db |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fugo-prod-db has enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fugo-read-db |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fugo-read-db does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
fugo-stagingknowfugo |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance fugo-stagingknowfugo does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
low |
rds |
ap-south-1 |
Check if RDS instances has enhanced monitoring enabled. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances has enhanced monitoring enabled. |
rds_instance_enhanced_monitoring_enabled |
RDS Instance new-dr-fugoone-db-21-12-2021 does not have enhanced monitoring enabled. |
A smaller monitoring interval results in more frequent reporting of OS metrics. |
To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fltitle-db |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fltitle-db does not have CloudWatch Logs enabled. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fugo-knowfugo |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fugo-knowfugo does not have CloudWatch Logs enabled. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fugoonetitle |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fugoonetitle does not have CloudWatch Logs enabled. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fugo-prod-db |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fugo-prod-db is shipping audit error general slowquery to CloudWatch Logs. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fugo-read-db |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fugo-read-db is shipping audit error general slowquery to CloudWatch Logs. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
fugo-stagingknowfugo |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance fugo-stagingknowfugo does not have CloudWatch Logs enabled. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances is integrated with CloudWatch Logs. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances is integrated with CloudWatch Logs. |
rds_instance_integration_cloudwatch_logs |
RDS Instance new-dr-fugoone-db-21-12-2021 does not have CloudWatch Logs enabled. |
If logs are not enabled, monitoring of service use and threat analysis is not possible. |
Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fltitle-db |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fltitle-db has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fugo-knowfugo |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fugo-knowfugo has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fugoonetitle |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fugoonetitle has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fugo-prod-db |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fugo-prod-db has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fugo-read-db |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fugo-read-db has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
fugo-stagingknowfugo |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance fugo-stagingknowfugo has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| PASS |
low |
rds |
ap-south-1 |
Ensure RDS instances have minor version upgrade enabled. |
new-dr-fugoone-db-21-12-2021 |
Ensure RDS instances have minor version upgrade enabled. |
rds_instance_minor_version_upgrade_enabled |
RDS Instance new-dr-fugoone-db-21-12-2021 has minor version upgrade enabled. |
Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied. |
Enable auto minor version upgrade for all databases and environments. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fltitle-db |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fltitle-db does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fugo-knowfugo |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fugo-knowfugo does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fugoonetitle |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fugoonetitle does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fugo-prod-db |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fugo-prod-db has multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fugo-read-db |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fugo-read-db does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
fugo-stagingknowfugo |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance fugo-stagingknowfugo does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| FAIL |
medium |
rds |
ap-south-1 |
Check if RDS instances have multi-AZ enabled. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances have multi-AZ enabled. |
rds_instance_multi_az |
RDS Instance new-dr-fugoone-db-21-12-2021 does not have multi-AZ enabled. |
In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone. |
Enable multi-AZ deployment for production databases. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fltitle-db |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fltitle-db is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fugo-knowfugo |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fugo-knowfugo is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fugoonetitle |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fugoonetitle is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fugo-prod-db |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fugo-prod-db is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fugo-read-db |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fugo-read-db is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
fugo-stagingknowfugo |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance fugo-stagingknowfugo is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
critical |
rds |
ap-south-1 |
Ensure there are no Public Accessible RDS instances. |
new-dr-fugoone-db-21-12-2021 |
Ensure there are no Public Accessible RDS instances. |
rds_instance_no_public_access |
RDS Instance new-dr-fugoone-db-21-12-2021 is not Publicly Accessible. |
Publicly accessible databases could expose sensitive data to bad actors. |
Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fltitle-db |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fltitle-db is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fugo-knowfugo |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fugo-knowfugo is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fugoonetitle |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fugoonetitle is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fugo-prod-db |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fugo-prod-db is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fugo-read-db |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fugo-read-db is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
fugo-stagingknowfugo |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance fugo-stagingknowfugo is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
medium |
rds |
ap-south-1 |
Check if RDS instances storage is encrypted. |
new-dr-fugoone-db-21-12-2021 |
Check if RDS instances storage is encrypted. |
rds_instance_storage_encrypted |
RDS Instance new-dr-fugoone-db-21-12-2021 is encrypted. |
If not enabled sensitive information at rest is not protected. |
Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
demo-audit-rds-before-deletion |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot demo-audit-rds-before-deletion is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
demo-audit-rds-final-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot demo-audit-rds-final-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
demo-audit-snap |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot demo-audit-snap is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
demo-fugoone-com-db |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot demo-fugoone-com-db is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
demo-fugoone-com-db-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot demo-fugoone-com-db-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
dr-fugo-db-21-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot dr-fugo-db-21-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
dr-fugo-db-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot dr-fugo-db-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
feb-100-snapshot-before-changing-the-instance-size |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot feb-100-snapshot-before-changing-the-instance-size is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fltitle-db-10-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fltitle-db-10-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-new-demo-16042020 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-new-demo-16042020 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-new-demo-16042020-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-new-demo-16042020-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-02-02-22 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-prod-02-02-22 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-for-demo-fugoone |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-prod-for-demo-fugoone is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-rds-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-prod-rds-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-snap-17-12-2019 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-prod-snap-17-12-2019 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-snapshot-10-07-2021 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-prod-snapshot-10-07-2021 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-staging-db |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-staging-db is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-staging-db-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-staging-db-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-stagingknowfugo |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-stagingknowfugo is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-test-db |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-test-db is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-test-db-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot fugo-test-db-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
instance-upgrade-db |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot instance-upgrade-db is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
july27 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot july27 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
march7-maintainence-production-db |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot march7-maintainence-production-db is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
march7-maintainence-production-db-readonly |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot march7-maintainence-production-db-readonly is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-audit-rds-before-deletion |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-audit-rds-before-deletion is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-audit-rds-final-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-audit-rds-final-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-demo-db-10-07-21 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-demo-db-10-07-21 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-demo-db-10-07-21-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-demo-db-10-07-21-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-demo-fugo |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-demo-fugo is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-demo-fugoone-com-june |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-demo-fugoone-com-june is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-demo-fugoone-com-june-snapshot-23-12-2022 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-demo-fugoone-com-june-snapshot-23-12-2022 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
new-fugoone-db-21-12-2021 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot new-fugoone-db-21-12-2021 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
prod-db-before-changing-timezone |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot prod-db-before-changing-timezone is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-01-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-01-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-02-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-02-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-03-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-03-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-04-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-04-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-05-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-05-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-06-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-06-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-07-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-07-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-15-19-11 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-15-19-11 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-20-08-52 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-20-08-52 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fltitle-db-2022-12-23-08-27 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fltitle-db-2022-12-23-08-27 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-01-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-01-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-02-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-02-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-03-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-03-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-04-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-04-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-05-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-05-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-06-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-06-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-07-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-07-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-16-13-44 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-16-13-44 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-20-09-02 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-20-09-02 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-knowfugo-2022-12-23-08-27 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-knowfugo-2022-12-23-08-27 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-09-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-09-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-10-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-10-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-11-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-11-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-12-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-12-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-13-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-13-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-14-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-14-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-15-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-15-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-20-11-51 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-20-11-51 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-22-11-51 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-22-11-51 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugoonetitle-2022-12-22-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugoonetitle-2022-12-22-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-21-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-21-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-22-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-22-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-23-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-23-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-24-20-08 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-24-20-08 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-25-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-25-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-26-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-26-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-27-20-08 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-27-20-08 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-db-2022-12-28-20-07 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-db-2022-12-28-20-07 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-rds-2022-12-23-12-09 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-rds-2022-12-23-12-09 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-rds-2022-12-23-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-rds-2022-12-23-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-prod-rds-2022-12-24-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-prod-rds-2022-12-24-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-11-30-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-11-30-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-01-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-01-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-02-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-02-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-03-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-03-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-04-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-04-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-12-13-44 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-12-13-44 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-12-19-58 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-12-19-58 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-13-19-59 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-13-19-59 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-14-19-59 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-14-19-59 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-20-12-55 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-20-12-55 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:fugo-stagingknowfugo-2022-12-23-08-31 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-23-08-31 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-15-20-04 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-15-20-04 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-20-12-31 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-20-12-31 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-20-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-20-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-21-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-21-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-22-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-22-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-23-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-23-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-24-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-24-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-25-20-05 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-25-20-05 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-28-09-33 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-28-09-33 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds:new-dr-fugoone-db-21-12-2021-2022-12-28-20-06 |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-28-20-06 is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
test-drill-db-before-deletion |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot test-drill-db-before-deletion is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
test-drill-db-final-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Instance Snapshot test-drill-db-final-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-prod-db-final-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Cluster Snapshot fugo-prod-db-final-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
critical |
rds |
ap-south-1 |
Check if RDS Snapshots and Cluster Snapshots are public. |
fugo-production-db-instance-1-ap-south-1b-final-snapshot |
Check if RDS Snapshots and Cluster Snapshots are public. |
rds_snapshots_public_access |
RDS Cluster Snapshot fugo-production-db-instance-1-ap-south-1b-final-snapshot is not shared. |
Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts. |
Use AWS Config to identify any snapshot that is public. |
|
| PASS |
medium |
route53 |
us-east-1 |
Enable Privacy Protection for for a Route53 Domain. |
fugoams.com |
Enable Privacy Protection for for a Route53 Domain. |
route53_domains_privacy_protection_enabled |
Contact information is private for the fugoams.com domain |
Without privacy protection enabled, ones personal information is published to the public WHOIS database. |
Ensure default Privacy is enabled. |
|
| PASS |
medium |
route53 |
us-east-1 |
Enable Privacy Protection for for a Route53 Domain. |
fugoone.com |
Enable Privacy Protection for for a Route53 Domain. |
route53_domains_privacy_protection_enabled |
Contact information is private for the fugoone.com domain |
Without privacy protection enabled, ones personal information is published to the public WHOIS database. |
Ensure default Privacy is enabled. |
|
| PASS |
medium |
route53 |
us-east-1 |
Enable Privacy Protection for for a Route53 Domain. |
fugotitlehub.com |
Enable Privacy Protection for for a Route53 Domain. |
route53_domains_privacy_protection_enabled |
Contact information is private for the fugotitlehub.com domain |
Without privacy protection enabled, ones personal information is published to the public WHOIS database. |
Ensure default Privacy is enabled. |
|
| FAIL |
medium |
route53 |
us-east-1 |
Enable Transfer Lock for a Route53 Domain. |
fugoams.com |
Enable Transfer Lock for a Route53 Domain. |
route53_domains_transferlock_enabled |
Transfer Lock is disabled for the fugoams.com domain |
Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar. |
Ensure transfer lock is enabled. |
|
| FAIL |
medium |
route53 |
us-east-1 |
Enable Transfer Lock for a Route53 Domain. |
fugoone.com |
Enable Transfer Lock for a Route53 Domain. |
route53_domains_transferlock_enabled |
Transfer Lock is disabled for the fugoone.com domain |
Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar. |
Ensure transfer lock is enabled. |
|
| FAIL |
medium |
route53 |
us-east-1 |
Enable Transfer Lock for a Route53 Domain. |
fugotitlehub.com |
Enable Transfer Lock for a Route53 Domain. |
route53_domains_transferlock_enabled |
Transfer Lock is disabled for the fugotitlehub.com domain |
Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar. |
Ensure transfer lock is enabled. |
|
| FAIL |
medium |
route53 |
ap-south-1 |
Check if Route53 public hosted zones are logging queries to CloudWatch Logs. |
Z1WWBJXPILX7PR |
Check if Route53 public hosted zones are logging queries to CloudWatch Logs. |
route53_public_hosted_zones_cloudwatch_logging_enabled |
Route53 Public Hosted Zone Z1WWBJXPILX7PR has query logging disabled |
If logs are not enabled; monitoring of service use and threat analysis is not possible. |
Enable CloudWatch logs and define metrics and uses cases for the events recorded. |
|
| FAIL |
high |
s3 |
ap-south-1 |
Check S3 Account Level Public Access Block. |
207592916039 |
Check S3 Account Level Public Access Block. |
s3_account_level_public_access_blocks |
Block Public Access is not configured for the account 207592916039. |
Public access policies may be applied to sensitive data buckets. |
You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
dr-fugoone-281222 |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket dr-fugoone-281222 has bucket ACLs disabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
fugo-config |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket fugo-config has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
fugo-doc |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket fugo-doc has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
fugo-rds-db-backup |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket fugo-rds-db-backup has bucket ACLs disabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
fugologs |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket fugologs has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have ACLs enabled |
fugostaging |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket fugostaging has bucket ACLs disabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
us-east-1 |
Check if S3 buckets have ACLs enabled |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have ACLs enabled |
war-nops-207592916039 |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket war-nops-207592916039 has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have ACLs enabled |
warcost |
Check if S3 buckets have ACLs enabled |
s3_bucket_acl_prohibited |
S3 Bucket warcost has bucket ACLs enabled. |
S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods. |
Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
dr-fugoone-281222 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
Server Side Encryption is not configured for S3 Bucket dr-fugoone-281222. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
fugo-config |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
Server Side Encryption is not configured for S3 Bucket fugo-config. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
fugo-doc |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
S3 Bucket fugo-doc has Server Side Encryption with AES256. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
fugo-rds-db-backup |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
Server Side Encryption is not configured for S3 Bucket fugo-rds-db-backup. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
fugologs |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
S3 Bucket fugologs has Server Side Encryption with AES256. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
fugostaging |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
Server Side Encryption is not configured for S3 Bucket fugostaging. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| PASS |
medium |
s3 |
us-east-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has Server Side Encryption with AES256. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| PASS |
medium |
s3 |
us-west-2 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
war-nops-207592916039 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
S3 Bucket war-nops-207592916039 has Server Side Encryption with AES256. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| PASS |
medium |
s3 |
us-west-2 |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
warcost |
Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. |
s3_bucket_default_encryption |
S3 Bucket warcost has Server Side Encryption with AES256. |
Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted. |
Ensure that S3 buckets has encryption at rest enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
dr-fugoone-281222 |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket dr-fugoone-281222 has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
fugo-config |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket fugo-config has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
fugo-doc |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket fugo-doc has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
fugo-rds-db-backup |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket fugo-rds-db-backup has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
fugologs |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket fugologs has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 bucket MFA Delete is not enabled. |
fugostaging |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket fugostaging has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
us-east-1 |
Check if S3 bucket MFA Delete is not enabled. |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 bucket MFA Delete is not enabled. |
war-nops-207592916039 |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket war-nops-207592916039 has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 bucket MFA Delete is not enabled. |
warcost |
Check if S3 bucket MFA Delete is not enabled. |
s3_bucket_no_mfa_delete |
S3 Bucket warcost has MFA Delete disabled. |
Your security credentials are compromised or unauthorized access is granted. |
Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
dr-fugoone-281222 |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket dr-fugoone-281222 has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
fugo-config |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket fugo-config has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
fugo-doc |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket fugo-doc has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
fugo-rds-db-backup |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket fugo-rds-db-backup has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
fugologs |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket fugologs has versioning enabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have object versioning enabled |
fugostaging |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket fugostaging has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
us-east-1 |
Check if S3 buckets have object versioning enabled |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have object versioning enabled |
war-nops-207592916039 |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket war-nops-207592916039 has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have object versioning enabled |
warcost |
Check if S3 buckets have object versioning enabled |
s3_bucket_object_versioning |
S3 Bucket warcost has versioning disabled. |
With versioning, you can easily recover from both unintended user actions and application failures. |
Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
dr-fugoone-281222 |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket dr-fugoone-281222 does not have a bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
fugo-config |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket fugo-config does not allow public write access in the bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
fugo-doc |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket fugo-doc does not allow public write access in the bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
fugo-rds-db-backup |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket fugo-rds-db-backup does not have a bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
fugologs |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket fugologs does not allow public write access in the bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Check if S3 buckets have policies which allow WRITE access. |
fugostaging |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket fugostaging does not have a bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
us-east-1 |
Check if S3 buckets have policies which allow WRITE access. |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 does not have a bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
us-west-2 |
Check if S3 buckets have policies which allow WRITE access. |
war-nops-207592916039 |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket war-nops-207592916039 does not allow public write access in the bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
us-west-2 |
Check if S3 buckets have policies which allow WRITE access. |
warcost |
Check if S3 buckets have policies which allow WRITE access. |
s3_bucket_policy_public_write_access |
S3 Bucket warcost does not allow public write access in the bucket policy. |
Non intended users can put objects in a given bucket. |
Ensure proper bucket policy is in place with the least privilege principle applied. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
dr-fugoone-281222 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket dr-fugoone-281222 is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
fugo-config |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket fugo-config is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
fugo-doc |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket fugo-doc is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
fugo-rds-db-backup |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket fugo-rds-db-backup is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
fugologs |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket fugologs is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
ap-south-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
fugostaging |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket fugostaging is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
us-east-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
us-west-2 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
war-nops-207592916039 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket war-nops-207592916039 is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| PASS |
critical |
s3 |
us-west-2 |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
warcost |
Ensure there are no S3 buckets open to Everyone or Any AWS user. |
s3_bucket_public_access |
S3 Bucket warcost is not public. |
Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions. |
You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
dr-fugoone-281222 |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket dr-fugoone-281222 does not have a bucket policy, thus it allows HTTP requests. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
fugo-config |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket fugo-config allows requests over insecure transport in the bucket policy. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
fugo-doc |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket fugo-doc allows requests over insecure transport in the bucket policy. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
fugo-rds-db-backup |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket fugo-rds-db-backup does not have a bucket policy, thus it allows HTTP requests. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
fugologs |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket fugologs allows requests over insecure transport in the bucket policy. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have secure transport policy. |
fugostaging |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket fugostaging does not have a bucket policy, thus it allows HTTP requests. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
us-east-1 |
Check if S3 buckets have secure transport policy. |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 does not have a bucket policy, thus it allows HTTP requests. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have secure transport policy. |
war-nops-207592916039 |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket war-nops-207592916039 allows requests over insecure transport in the bucket policy. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have secure transport policy. |
warcost |
Check if S3 buckets have secure transport policy. |
s3_bucket_secure_transport_policy |
S3 Bucket warcost allows requests over insecure transport in the bucket policy. |
If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet. |
Ensure that S3 buckets has encryption in transit enabled. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
dr-fugoone-281222 |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket dr-fugoone-281222 has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
fugo-config |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket fugo-config has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
fugo-doc |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket fugo-doc has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
fugo-rds-db-backup |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket fugo-rds-db-backup has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| PASS |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
fugologs |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket fugologs has server access logging enabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
ap-south-1 |
Check if S3 buckets have server access logging enabled |
fugostaging |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket fugostaging has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
us-east-1 |
Check if S3 buckets have server access logging enabled |
cf-templates-1ip9vfxtvbz1u-us-east-1 |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have server access logging enabled |
war-nops-207592916039 |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket war-nops-207592916039 has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
medium |
s3 |
us-west-2 |
Check if S3 buckets have server access logging enabled |
warcost |
Check if S3 buckets have server access logging enabled |
s3_bucket_server_access_logging_enabled |
S3 Bucket warcost has server access logging disabled. |
Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill. |
Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive. |
|
| FAIL |
high |
securityhub |
ap-northeast-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
ap-northeast-2 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
ap-northeast-3 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| PASS |
high |
securityhub |
ap-south-1 |
Check if Security Hub is enabled and its standard subscriptions. |
default |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is enabled with standards cis-aws-foundations-benchmark aws-foundational-security-best-practices cis-aws-foundations-benchmark |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
ap-southeast-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
ap-southeast-2 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
ca-central-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
eu-central-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
eu-north-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
eu-west-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
eu-west-2 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
eu-west-3 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
sa-east-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
us-east-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
us-east-2 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
us-west-1 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
securityhub |
us-west-2 |
Check if Security Hub is enabled and its standard subscriptions. |
Security Hub |
Check if Security Hub is enabled and its standard subscriptions. |
securityhub_enabled |
Security Hub is not enabled |
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. |
Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
API-FUGOONE-COM-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:API-FUGOONE-COM-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
CapitalMarketDemo_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
CapitalMarketDemo_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
CapitalMarketDemo_RAM_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_RAM_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
DR-FUGOONE-COM-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:DR-FUGOONE-COM-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FLTITILE-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITILE-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FLTITILE-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITILE-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FLTITLE-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FLTITLE_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FLTITLE_CPU_UTULIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE_CPU_UTULIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-AWS-LOGIN-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-AWS-LOGIN-ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-Alerts |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-Alerts is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-CMK-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CMK-ALERTS is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-CONSOLE-LOGIN-WITHOUT-MFA |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CONSOLE-LOGIN-WITHOUT-MFA is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-IAM-POLICY-CHANGE-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-IAM-POLICY-CHANGE-ALERTS is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-INSTANCE-ALARMS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-INSTANCE-ALARMS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-NACL-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NACL-ALERTS is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-NEW-AD-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NEW-AD-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-RDS-ALARMS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-RDS-ALARMS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-S3-BUCKET-ALARMS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-S3-BUCKET-ALARMS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-S3-POLICY-CHANGE-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-S3-POLICY-CHANGE-ALERTS is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-SECURITY-GROUP-CHANGE-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SECURITY-GROUP-CHANGE-ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-TRAINING-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-TRAINING-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-TRAINING-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-UNAUTHORIZED-API-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-UNAUTHORIZED-API-ALERTS is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO-VPC-ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-VPC-ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGOONE-TITLE-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_ONSITE |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ONSITE is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_ROOT_USER_LOGIN_ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ROOT_USER_LOGIN_ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_ROUTE_TABLE_CHANGES_ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ROUTE_TABLE_CHANGES_ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_SALES_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SALES_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_SECURITY_GROUP_ALERTS |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SECURITY_GROUP_ALERTS is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_SECURITY_GROUP_ALERTS.fifo |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SECURITY_GROUP_ALERTS.fifo is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
INSTANCE_ALARMS.fifo |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:INSTANCE_ALARMS.fifo is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| PASS |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
Network_Gateway_Alerts |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:Network_Gateway_Alerts is encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
TitleHub_APP_Staging_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Staging_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
Title_APP_Production-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:Title_APP_Production-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
Title_APP_Production_RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:Title_APP_Production_RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
api-fugoone-com-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:api-fugoone-com-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
api-fugoone-com-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:api-fugoone-com-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
dr-fugoone-com-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugoone-com-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fltitle-db-RDS-CPU-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-CPU-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fltitle-db-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-knowfugo-CPU-TILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-CPU-TILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-read-db-RDS-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-read-db-RDS-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-staging-db_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-staging-db_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-test-db-RDS_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-test-db-RDS_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoservices-prod-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-prod-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoservices-prod-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-prod-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Ensure there are no SNS Topics unencrypted |
webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING |
Ensure there are no SNS Topics unencrypted |
sns_topics_kms_encryption_at_rest_enabled |
SNS topic arn:aws:sns:ap-south-1:207592916039:webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING is not encrypted |
If not enabled sensitive information at rest is not protected. |
Use Amazon SNS with AWS KMS. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
API-FUGOONE-COM-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic API-FUGOONE-COM-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
CapitalMarketDemo_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic CapitalMarketDemo_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
CapitalMarketDemo_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic CapitalMarketDemo_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
CapitalMarketDemo_RAM_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic CapitalMarketDemo_RAM_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
DR-FUGOONE-COM-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic DR-FUGOONE-COM-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FLTITILE-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FLTITILE-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FLTITILE-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FLTITILE-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FLTITLE-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FLTITLE-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FLTITLE_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FLTITLE_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FLTITLE_CPU_UTULIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FLTITLE_CPU_UTULIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-AWS-LOGIN-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-AWS-LOGIN-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-Alerts |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-Alerts policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-CMK-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-CMK-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-CONSOLE-LOGIN-WITHOUT-MFA |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-CONSOLE-LOGIN-WITHOUT-MFA policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-IAM-POLICY-CHANGE-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-IAM-POLICY-CHANGE-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-INSTANCE-ALARMS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-INSTANCE-ALARMS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-NACL-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-NACL-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-NEW-AD-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-NEW-AD-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-RDS-ALARMS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-RDS-ALARMS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-S3-BUCKET-ALARMS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-S3-BUCKET-ALARMS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-S3-POLICY-CHANGE-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-S3-POLICY-CHANGE-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-SECURITY-GROUP-CHANGE-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-SECURITY-GROUP-CHANGE-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-TRAINING-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-TRAINING-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-TRAINING-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-TRAINING-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-TRAINING-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-TRAINING-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-UNAUTHORIZED-API-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-UNAUTHORIZED-API-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO-VPC-ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO-VPC-ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGOONE-TITLE-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGOONE-TITLE-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_ONSITE |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_ONSITE policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_ROOT_USER_LOGIN_ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_ROOT_USER_LOGIN_ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_ROUTE_TABLE_CHANGES_ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_ROUTE_TABLE_CHANGES_ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_SALES_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_SALES_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_SECURITY_GROUP_ALERTS |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_SECURITY_GROUP_ALERTS policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_SECURITY_GROUP_ALERTS.fifo |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_SECURITY_GROUP_ALERTS.fifo policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
INSTANCE_ALARMS.fifo |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic INSTANCE_ALARMS.fifo policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
Network_Gateway_Alerts |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic Network_Gateway_Alerts policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
TitleHub_APP_Staging_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic TitleHub_APP_Staging_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
Title_APP_Production-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic Title_APP_Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
Title_APP_Production_RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic Title_APP_Production_RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
api-fugoone-com-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic api-fugoone-com-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
api-fugoone-com-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic api-fugoone-com-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
dr-fugoone-com-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic dr-fugoone-com-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fltitle-db-RDS-CPU-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fltitle-db-RDS-CPU-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fltitle-db-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fltitle-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-knowfugo-CPU-TILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-knowfugo-CPU-TILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-read-db-RDS-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-read-db-RDS-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-staging-db_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-staging-db_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-test-db-RDS_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-test-db-RDS_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoservices-prod-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoservices-prod-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoservices-prod-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoservices-prod-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| FAIL |
high |
sns |
ap-south-1 |
Check if SNS topics have policy set as Public |
webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING |
Check if SNS topics have policy set as Public |
sns_topics_not_publicly_accessible |
SNS topic webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING policy with public access but has a Condition |
Publicly accessible services could expose sensitive data to bad actors. |
Ensure there is a business requirement for service to be public. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
rSs93HQwa1 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon RDS Public Snapshots is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
aW7HH0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Auto Scaling Launch Configurations is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
xSqX82fQu |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Security Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dx3xfbjfMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Route 53 Traffic Policies is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
b73EEdD790 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 Failover Resource Record Sets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gH5CC0e3J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Cold HDD (sc1) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
N425c450f2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront Custom SSL Certificates in the IAM Certificate Store is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
L4dfs2Q4C5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda Functions Using Deprecated Runtimes is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
L4dfs2Q4C6 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda VPC-enabled Functions without Multi-AZ Redundancy is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
cF171Db240 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 Name Server Delegations is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
cG7HH0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Magnetic (standard) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
sU7XX0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Group is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
N420c450f2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront Alternate Domain Names is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
COr6dfpM04 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EBS under-provisioned volumes is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
COr6dfpM03 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EBS over-provisioned volumes is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
jtlIMO3qZM |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Cluster Parameter Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
COr6dfpM06 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda under-provisioned functions for memory size is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
COr6dfpM05 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda over-provisioned functions for memory size is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
f2iK5R6Dep |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon RDS Multi-AZ is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
jEhCtdJKOY |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Subnets per Subnet Group is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
a2sEc6ILx |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Listener Security is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
ePs02jT06w |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EBS Public Snapshots is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
R365s2Qddf |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon S3 Bucket Versioning is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Wxdfp4B1L2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Well-Architected high risk issues for performance efficiency is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
8wIqYSt25K |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Network Load Balancers is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Wxdfp4B1L3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Well-Architected high risk issues for security is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Wxdfp4B1L4 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Well-Architected high risk issues for reliability is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Wxdfp4B1L1 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Well-Architected high risk issues for cost optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
opQPADkZvH |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon RDS Backups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
L4dfs2Q3C2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda Functions with High Error Rates is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
L4dfs2Q3C3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Lambda Functions with Excessive Timeouts is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
vjafUGJ9H0 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS CloudTrail Logging is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
7fuccf1Mx7 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Cluster Roles is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
ru4xfcdfMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Route 53 Max Health Checks is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dV84wpqRUs |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB Manual Snapshots is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
xuy7H1avtl |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Aurora DB Instance Accessibility is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
0t121N1Ty3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Direct Connect Connection Redundancy is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
RH23stmM01 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Resilience Hub resilience scores is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
RH23stmM02 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Resilience Hub policy breached is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
hc0dfs7601 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS CloudHSM clusters running HSM instances in a single AZ is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
DqdJqYeRm5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Access Key Rotation is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
7DAFEmoDos |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check MFA on Root Account is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
kM7QQ0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check VPC Internet Gateways is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
tfg86AVHAZ |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Large Number of Rules in an EC2 Security Group is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
HCP4007jGY |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Security Groups - Specific Ports Unrestricted is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Pfx0RwqBli |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon S3 Bucket Permissions is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G191 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS cluster snapshots and database snapshots should be encrypted at rest is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G192 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB Instances should prohibit public access, determined by the PubliclyAccessible configuration is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G193 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB instances should have encryption at-rest enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G194 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS snapshot should be private is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G195 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should have origin access identity enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G196 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Config should be enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
B913Ef6fb4 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 Alias Resource Record Sets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G197 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Elasticsearch Service domains should have encryption at-rest enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G198 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB instances should have deletion protection enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
1iG5NDGVre |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Security Groups - Unrestricted Access is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G190 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS clusters should have deletion protection enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
nNauJisYIT |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon RDS Security Group Access Risk is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G188 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check GuardDuty should be enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G189 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Enhanced monitoring should be configured for RDS DB instances is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
1e93e4c0b5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 Reserved Instance Lease Expiration is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
C056F80cR3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 High TTL Resource Record Sets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
6gtQddfEw6 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check DynamoDB Read Capacity is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G199 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Database logging should be enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
XG0aXHpIEt |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
wuy7G1zxql |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 Availability Zone Balance is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G170 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 Block Public Access setting should be enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G171 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets should prohibit public read access is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G172 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets should prohibit public write access is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G173 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 Block Public Access setting should be enabled at the bucket-level is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G174 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CodeBuild GitHub or Bitbucket source repository URLs should use OAuth is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G175 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CodeBuild project environment variables should not contain clear text credentials is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G176 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ACM certificates should be renewed after a specified time period is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
CLOG40CDO8 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Auto Scaling Group Health Check is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
aW9HH0l8J6 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2-Classic Elastic IP Addresses is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
iK7OO0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Classic Load Balancers is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
wH7DD0l3J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Throughput Optimized HDD (st1) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
DAvU99Dc4C |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Underutilized Amazon EBS Volumes is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
pYW8UkYz2w |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Read Replicas per Master is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
pR7UU0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Policies is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
eI7KK0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Active Snapshots is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G166 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check An RDS event notifications subscription should be configured for critical cluster events is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G167 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets should have server-side encryption enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G168 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets should require requests to use Secure Socket Layer is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G169 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 permissions granted to other AWS accounts in bucket policies should be restricted is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
fW7HH0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Auto Scaling Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
P1jhKWEmLa |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Total Storage Quota is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G180 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Elasticsearch Service domain error logging to CloudWatch Logs should be enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G181 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G182 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Classic Load Balancer listeners should be configured with HTTPS or TLS termination is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
1qazXsw23e |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Relational Database Service (RDS) Reserved Instance Optimization is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G183 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Application load balancer should be configured to drop http headers is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G184 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Application and Classic Load Balancers logging should be enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G185 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM customer managed policies that you create should not allow wildcard actions for services is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G186 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS WAF Classic Global Web ACL logging should be enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G187 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Connections to Amazon Elasticsearch Service domains should be encrypted using TLS 1.2 is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
12Fnkpl8Y5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Exposed Access Keys is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
8CNsSllI5v |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Auto Scaling Group Resources is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
k3J2hns32g |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Overutilized Amazon EBS Magnetic Volumes is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
hjLMh88uM8 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Idle Load Balancers is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G177 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Auto scaling groups associated with a load balancer should use load balancer health checks is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
BueAdJ7NrP |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon S3 Bucket Logging is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G178 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Security groups should only allow unrestricted incoming traffic for authorized ports is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G179 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check SNS topics should be encrypted at-rest using AWS KMS is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
xdeXZKIUy |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Cross-Zone Load Balancing is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gW7HH0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFormation Stacks is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gI7MM0l7J2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Provisioned IOPS SSD (io2) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G150 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Elasticsearch domains should encrypt data sent between nodes is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G151 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check An RDS event notifications subscription should be configured for critical database parameter group events is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G152 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check An RDS event notifications subscription should be configured for critical database instance events is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
EM8b3yLRTr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Application Load Balancers is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G153 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS instances should not use a database engine default port is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
rT7WW0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Server Certificates is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G154 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check An RDS event notifications subscription should be configured for critical database security group events is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
N415c450f2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront Header Forwarding and Cache Hit Ratio is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G144 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Unused IAM user credentials should be removed is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
iqdCTZKCUp |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Load Balancer Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G145 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon ECS task definitions should have secure networking modes and user definitions. is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gI7MM0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Provisioned IOPS SSD (io1) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G146 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ECS services should not have public IP addresses assigned to them automatically is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Ti39halfu8 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon RDS Idle DB Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
j3DFqYTe29 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Large Number of EC2 Security Group Rules Applied to an Instance is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G147 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Elasticsearch Service domains should be in a VPC is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
1qw23er45t |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Redshift Reserved Node Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G148 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Elastic Beanstalk environments should have enhanced health reporting enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G149 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Elastic Beanstalk managed platform updates should be enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Cb877eB72b |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 Deleted Health Checks is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
796d6f3D83 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront Content Delivery Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G160 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM authentication should be configured for RDS instances is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G161 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM authentication should be configured for RDS clusters is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G162 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS automatic minor version upgrades should be enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G163 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB clusters should be configured to copy tags to snapshots is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G164 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB instances should be configured to copy tags to snapshots is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G165 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS instances should be deployed in a VPC is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
keAhfbH5yb |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Event Subscriptions is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
c5ftjdfkMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check DynamoDB Write Capacity is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Cm24dfsM13 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Comprehend Endpoint Access Risk is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G155 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances should be managed by AWS Systems Manager is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G156 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
ZRxQlPsb6c |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check High Utilization Amazon EC2 Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G157 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
bW7HH0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Kinesis Shards per Region is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Cm24dfsM12 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Comprehend Underutilized Endpoints is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G158 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check SSM documents should not be public is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G159 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Elastic File System should be configured to encrypt file data at-rest using AWS KMS is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
nO7SS0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Instance Profiles is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dx3xfcdfMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Route 53 Hosted Zones is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
PPkZrjsH2q |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EBS Provisioned IOPS (SSD) Volume Attachment Configuration is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G130 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Lambda functions should use supported runtimes is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G131 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Lambda function policies should prohibit public access is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G132 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Database Migration Service replication instances should not be public is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
lN7RR0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2-VPC Elastic IP Address is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Z4AUBRNSmz |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Unassociated Elastic IP Addresses is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dBkuNCvqn5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Max Auths per Security Group is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
H7IgTzjTYb |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EBS Snapshots is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
7ujm6yhn5t |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon OpenSearch Service Reserved Instance Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G122 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check VPC flow logging should be enabled in all VPCs is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G123 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances should not have a public IPv4 address is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gjqMBn6pjz |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Clusters is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G124 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances should use Instance Metadata Service Version 2 (IMDSv2) is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G125 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check API Gateway should be associated with a WAF Web ACL is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Qch7DwouX1 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Low Utilization Amazon EC2 Instances is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G126 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check DynamoDB Accelerator (DAX) clusters should be encrypted at rest is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G127 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check API Gateway REST and WebSocket API execution logging should be enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G128 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check API Gateway REST API stages should be configured to use SSL certificates for backend authentication is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G129 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check API Gateway REST API stages should have AWS X-Ray tracing enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
G31sQ1E9U |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Underutilized Amazon Redshift Clusters is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
h3L1otH3re |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon ElastiCache Reserved Node Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G140 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM root user access key should not exist is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G141 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check MFA should be enabled for all IAM users that have a console password is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G142 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Hardware MFA should be enabled for the root user is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G143 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Password policies for IAM users should have strong configurations is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
N430c450f2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront SSL Certificate on the Origin Server is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
3Njm0DJQO9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Option Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
tV7YY0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS Provisioned IOPS (SSD) Volume Aggregate IOPS is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
vZ2c2W1srf |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Savings Plan is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G133 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM customer managed policies should not allow decryption actions on all KMS keys is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G134 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
ty3xfcdfMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Route 53 Reusable Delegation Sets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G135 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS KMS keys should not be deleted unintentionally is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G136 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon SQS queues should be encrypted at rest is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
gfZAn3W7wl |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB Security Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G137 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM policies should not allow full "*" administrative privileges is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
7qGXsKIUw |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ELB Connection Draining is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G138 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM users should not have IAM policies attached is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G139 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM users' access keys should be rotated every 90 days or less is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G230 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 bucket server access logging should be enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G231 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Stateless network firewall rule group should not be empty is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G110 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudTrail should have encryption at-rest enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Qsdfp3A4L1 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 instances over-provisioned for Microsoft SQL Server is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
UUDvOa5r34 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Reserved Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
oQ7TT0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Roles is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G108 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudTrail trails should be integrated with Amazon CloudWatch Logs is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G229 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should encrypt traffic to custom origins is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G109 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudTrail log file validation should be enabled is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
jL7PP0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check VPC is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G100 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon SageMaker notebook instances should not have direct internet access is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G221 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check OpenSearch domains should have audit logging enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G101 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Elastic MapReduce cluster master nodes should not have public IP addresses is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G222 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check OpenSearch domain error logging to CloudWatch Logs should be enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G223 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check OpenSearch domains should encrypt data sent between nodes is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G102 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Connections to Amazon Redshift clusters should be encrypted in transit is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G224 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check OpenSearch domains should be in a VPC is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
cX3c2R1chu |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 Reserved Instances Optimization is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G103 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Redshift clusters should prohibit public access is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G225 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check OpenSearch domains should have encryption at rest enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G104 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Redshift clusters should use enhanced VPC routing is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G226 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G105 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Redshift should have automatic upgrades to major versions enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G106 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Redshift clusters should have audit logging enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G227 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should use custom SSL/TLS certificates is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G228 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should use SNI to serve HTTPS requests is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G107 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should require encryption in transit is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G120 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Stopped EC2 instances should be removed after a specified time period is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
S45wrEXrLz |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check VPN Tunnel Redundancy is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G121 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS default encryption should be enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G119 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS volumes should be attached to EC2 instances is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
4g3Nt5M1Th |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Direct Connect Virtual Interface Redundancy is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G111 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudTrail should be enabled and configured with at least one multi-region trail is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G232 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Database Clusters should use a custom administrator username is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G233 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS database instances should use a custom administrator username is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G112 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Secrets Manager secrets should be rotated within a specified number of days is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G113 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Secrets Manager secrets configured with automatic rotation should rotate successfully is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G114 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Remove unused Secrets Manager secrets is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G115 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Secrets Manager secrets should have automatic rotation enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
jEECYg2YVU |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS DB Parameter Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G116 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS snapshots should not be public, determined by the ability to be restorable by anyone is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G117 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Attached EBS volumes should be encrypted at-rest is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G118 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check The VPC default security group should not allow inbound and outbound traffic is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dYWBaXaaMM |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check RDS Subnet Groups is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
MDBdfsQ401 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon MemoryDB Multi-AZ clusters is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
0Xc6LMYG8P |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 On-Demand Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Bh2xRR2FGH |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 to EBS Throughput Optimization is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
ECHdfsQ402 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon ElastiCache Multi-AZ clusters is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G207 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 subnets should not automatically assign public IP addresses is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G208 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 instances should not use multiple ENIs is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G209 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Unused Network Access Control Lists should be removed is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G200 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should have a default root object configured is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
iH7PP0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EC2 Reserved Instance Leases is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G201 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should have WAF enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G202 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check API Gateway REST API cache data should be encrypted at rest is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G203 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Elasticsearch Service domains should have audit logging enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G204 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Security groups should not allow unrestricted access to ports with high risk is in state error. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G205 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Classic Load Balancers with HTTPS/SSL listeners should use a predefined security policy that has strong configuration is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
51fC20e7I2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 Latency Resource Record Sets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G206 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
hJ7NN0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check SES Daily Sending Quota is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dH7RR0l6J3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS General Purpose SSD (gp3) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dH7RR0l6J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check EBS General Purpose SSD (gp2) Volume Storage is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
zXCkfM1nI3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Use is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
8M012Ph3U5 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check AWS Direct Connect Location Redundancy is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G220 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Connections to OpenSearch domains should be encrypted using TLS 1.2 is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G218 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CodeBuild project environments should not have privileged mode enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G219 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Redshift clusters should not use the default Admin username is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Yw2K9puPzl |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Password Policy is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
c9D319e7sG |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon Route 53 MX Resource Record Sets and Sender Policy Framework is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
dx8afcdfMr |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Route 53 Traffic Policy Instances is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Qsdfp3A4L4 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 instances with Microsoft Windows Server end of support is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Qsdfp3A4L3 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 instances with Microsoft SQL Server end of support is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Qsdfp3A4L2 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Amazon EC2 instances consolidation for Microsoft SQL Server is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G210 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CloudFront distributions should have logging enabled is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G211 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets with versioning enabled should have lifecycle policies configured is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G212 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 buckets should have event notifications enabled is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G213 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check S3 access control lists (ACLs) should not be used to manage user access to buckets is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G214 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389 is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G215 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check Unused EC2 security groups should be removed is in state warning. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G216 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check ECR repositories should have at least one lifecycle policy configured is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
Hs4Ma3G217 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check CodeBuild project environments should have a logging configuration is in state not_available. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| PASS |
medium |
trustedadvisor |
us-east-1 |
Check Trusted Advisor for errors and warnings. |
qS7VV0l7J9 |
Check Trusted Advisor for errors and warnings. |
trustedadvisor_errors_and_warnings |
Trusted Advisor check IAM Users is in state ok. |
Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions. |
Review and act upon its recommendations. |
|
| FAIL |
medium |
vpc |
ap-northeast-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-543d0533 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-543d0533 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-northeast-2 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-b64e86dd |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-b64e86dd Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-northeast-3 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-d1fc97b8 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-d1fc97b8 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-0686fd71db9771a70 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-0686fd71db9771a70 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-04e5c6db50a181ca3 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-04e5c6db50a181ca3 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-01f1de304d7d004b9 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-01f1de304d7d004b9 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-0998be5081bd1362c |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-0998be5081bd1362c Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-0301df6660757a2f1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-0301df6660757a2f1 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| PASS |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-07d5b113a1e7947bf |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-07d5b113a1e7947bf Flow logs are enabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-a24e4bca |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-a24e4bca Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-southeast-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-a49f91c3 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-a49f91c3 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-southeast-2 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-2c65584b |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-2c65584b Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
eu-central-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-6b18e101 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-6b18e101 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
eu-north-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-7808dc11 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-7808dc11 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
eu-west-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-6ac3d80c |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-6ac3d80c Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
eu-west-2 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-399eee51 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-399eee51 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
eu-west-3 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-768a881f |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-768a881f Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
sa-east-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-eadae38d |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-eadae38d Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
us-east-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-18326f62 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-18326f62 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
us-east-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-02c1a29d1dea3bb3a |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-02c1a29d1dea3bb3a Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
us-east-2 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-c452adaf |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-c452adaf Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
us-west-1 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-fcf4eb9b |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-fcf4eb9b Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
us-west-2 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc-2b41cb53 |
Ensure VPC Flow Logging is Enabled in all VPCs. |
vpc_flow_logs_enabled |
VPC vpc-2b41cb53 Flow logs are disabled. |
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. |
It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure routing tables for VPC peering are least access. |
pcx-0db2ef6db20f08243 |
Ensure routing tables for VPC peering are least access. |
vpc_peering_routing_tables_with_least_privilege |
VPC Peering Connection pcx-0db2ef6db20f08243 does not comply with least privilege access since it accepts whole VPCs CIDR in its route tables. |
Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. |
Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs. |
|
| FAIL |
medium |
vpc |
ap-south-1 |
Ensure routing tables for VPC peering are least access. |
pcx-0c44a9b97a0b8409e |
Ensure routing tables for VPC peering are least access. |
vpc_peering_routing_tables_with_least_privilege |
VPC Peering Connection pcx-0c44a9b97a0b8409e does not comply with least privilege access since it accepts whole VPCs CIDR in its route tables. |
Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. |
Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs. |
|
| PASS |
medium |
vpc |
ap-south-1 |
Ensure routing tables for VPC peering are least access. |
pcx-0d283f0873ef7eb9c |
Ensure routing tables for VPC peering are least access. |
vpc_peering_routing_tables_with_least_privilege |
VPC Peering Connection pcx-0d283f0873ef7eb9c comply with least privilege access. |
Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. |
Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs. |
|
| PASS |
medium |
vpc |
us-east-1 |
Ensure routing tables for VPC peering are least access. |
pcx-0c44a9b97a0b8409e |
Ensure routing tables for VPC peering are least access. |
vpc_peering_routing_tables_with_least_privilege |
VPC Peering Connection pcx-0c44a9b97a0b8409e comply with least privilege access. |
Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. |
Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs. |
|
| PASS |
medium |
vpc |
us-east-1 |
Ensure routing tables for VPC peering are least access. |
pcx-0d283f0873ef7eb9c |
Ensure routing tables for VPC peering are least access. |
vpc_peering_routing_tables_with_least_privilege |
VPC Peering Connection pcx-0d283f0873ef7eb9c comply with least privilege access. |
Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. |
Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs. |
|
| FAIL |
high |
workspaces |
us-east-1 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
ws-7gsxbjbsx |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
workspaces_volume_encryption_enabled |
WorkSpaces workspace ws-7gsxbjbsx with root and user unencrypted volumes |
If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption. |
WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted |
|
| FAIL |
high |
workspaces |
us-east-1 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
ws-4tzpmthcx |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
workspaces_volume_encryption_enabled |
WorkSpaces workspace ws-4tzpmthcx with root and user unencrypted volumes |
If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption. |
WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted |
|
| FAIL |
high |
workspaces |
us-east-1 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
ws-kh9h1dgzz |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
workspaces_volume_encryption_enabled |
WorkSpaces workspace ws-kh9h1dgzz with root and user unencrypted volumes |
If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption. |
WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted |
|
| FAIL |
high |
workspaces |
us-east-1 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
ws-hks7rnjl7 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
workspaces_volume_encryption_enabled |
WorkSpaces workspace ws-hks7rnjl7 with root and user unencrypted volumes |
If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption. |
WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted |
|
| FAIL |
high |
workspaces |
us-east-1 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
ws-47935l7x4 |
Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements |
workspaces_volume_encryption_enabled |
WorkSpaces workspace ws-47935l7x4 with root and user unencrypted volumes |
If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption. |
WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted |
|